CRITICAL🇵🇱 Wersja polska

CVE-2017-14759

CVSS 9.8v3.0pub. 2017-10-03upd. 2026-05-13

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Opentext Document Sciences Xpression

    APP
    Opentext
    ≤ 4.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRFDoSXXE
CWE
References

Related vulnerabilities

CVE-2017-14960HIGH7.5ten sam produkt

xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13...

CVE-2017-14757HIGH8.8ten sam produkt

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versio...

CVE-2017-14758HIGH8.8ten sam produkt

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versio...

CVE-2017-14754MEDIUM6.5ten sam produkt

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versio...

CVE-2017-14755MEDIUM6.1ten sam produkt

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versio...