CVE-2017-14524

MEDIUM NUCLEI

OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect

Title source: nuclei

Description

Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.

Nuclei Templates (1)

OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect

MEDIUMby 0x_Akoko

References (2)

[Issue Tracking, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Sep/57

[Permissions Required, Vendor Advisory] https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

Scores

CVSS v3 6.1

EPSS 0.0123

EPSS Percentile 79.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (2)

opentext/documentum_administrator 7.2.0180.0055

opentext/documentum_webtop 6.8.0160.0073

Published Sep 28, 2017

Tracked Since Feb 18, 2026