Vulnerability Description
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opentext | Document Sciences Xpression | <= 4.5 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Sep/97Mailing ListThird Party Advisory
- https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774Permissions RequiredVendor Advisory
- http://seclists.org/fulldisclosure/2017/Sep/97Mailing ListThird Party Advisory
- https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774Permissions RequiredVendor Advisory
FAQ
What is CVE-2017-14759?
CVE-2017-14759 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramewor...
How severe is CVE-2017-14759?
CVE-2017-14759 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-14759?
Check the references section above for vendor advisories and patch information. Affected products include: Opentext Document Sciences Xpression.