CVE-2017-14525

MEDIUM

OpenText Documentum Webtop 6.8.0160.0073 - Open Redirect

Title source: llm
STIX 2.1

Description

Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.

References (2)

Core 2
Core References
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Sep/57
Permissions Required, Vendor Advisory x_refsource_confirm
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

Scores

CVSS v3 6.1
EPSS 0.0083
EPSS Percentile 52.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (2)
opentext/documentum_administrator 7.2.0180.0055
opentext/documentum_webtop 6.8.0160.0073
Published Sep 28, 2017
Tracked Since Feb 18, 2026