XML External Entity Vulnerability in OpenText Document Sciences xPression
CVE-2017-14759

9.8CRITICAL

Key Information:

Vendor: Opentext
Status: Document Sciences Xpression
Vendor: CVE Published:; 3 October 2017

What is CVE-2017-14759?

The vulnerability in OpenText Document Sciences xPression allows unauthenticated users to exploit the XML External Entity (XXE) in the QuickDocHttpSoap11Endpoint service. This issue could lead to unauthorized access to sensitive information, such as directory listings and system files, and may enable further attacks like Server-Side Request Forgery (SSRF) or Denial of Service (DoS). Prompt remediation is essential to mitigate potential risks associated with this vulnerability.

References

https://knowledge.opentext.com/knowledge/llisapi.dll/Open...

x_refsource_MISC

http://seclists.org/fulldisclosure/2017/Sep/97

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2017
Vulnerability Reserved
Sep 27, 2017

Opentext

What is CVE-2017-14759?

References

CVSS V3.1

Timeline