CVE-2017-14527
Last modified
CVE-2017-14527 is a vulnerability of currently unknown severity. Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.. EPSS estimates a 1.38% chance of exploitation in the next 30 days.
Description
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opentext | Documentum Administrator | 7.2.0180.0055 |
| Opentext | Documentum Webtop | 6.8.0160.0073 |
References
- http://seclists.org/fulldisclosure/2017/Sep/58Exploit, Mailing List, Third Party Advisory
- https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774Permissions Required
- http://seclists.org/fulldisclosure/2017/Sep/58Exploit, Mailing List, Third Party Advisory
- https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-14527?
How severe is CVE-2017-14527?
How do I fix CVE-2017-14527?
Are you affected by CVE-2017-14527?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST