CVE-2017-14754
MEDIUM
OpenText Document Sciences xPression < 4.5 - Authenticated Arbitrary File Read via xsd_datasource_schema_file Parameter
Title source: llm
Description
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
References (2)
Core References
http://seclists.org/fulldisclosure/2017/Sep/92 (Mailing List, Third Party Advisory; x_refsource_misc)
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 (Permissions Required, Vendor Advisory; x_refsource_misc)
Scores
CVSS v3: 6.5
EPSS: 0.0130
EPSS Percentile: 66.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-22
Status: published
Products (1): opentext/document_sciences_xpression < 4.5
Published: Oct 03, 2017
Tracked Since: Feb 18, 2026