CVE-2017-14759

Published: Oct 3, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.

Affected (1)

Products: Opentext: Document Sciences Xpression

1 product

Document Sciences Xpression

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opentext Document Sciences Xpression	Up to 4.5

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

http://seclists.org/fulldisclosure/2017/Sep/97

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

Source: cve@mitre.org

Permissions RequiredVendor Advisory

http://seclists.org/fulldisclosure/2017/Sep/97

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.