Vulnerabilities > CVE-2017-14759 - XXE vulnerability in Opentext Document Sciences Xpression 4.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
opentext
CWE-611
NVD
Published: 2017-10-03
Updated: 2017-10-11

Summary

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.

Vulnerable Configurations

Part Description Count
Application
Opentext
1

Common Weakness Enumeration (CWE)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/144447/opentextdsx-xxe.txt
idPACKETSTORM:144447
last seen2017-09-30
published2017-09-29
reporterMariusz Woloszyn
sourcehttps://packetstormsecurity.com/files/144447/OpenText-Document-Sciences-xPression-4.5SP1-Patch-13-XML-Injection.html
titleOpenText Document Sciences xPression 4.5SP1 Patch 13 XML Injection

References