CVE-2017-14759
CRITICAL
OpenText Document Sciences xPression <4.5SP1 Patch 13 - SSRF
Title source: llm
Description
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.
References (2)
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Sep/97
Scores
CVSS v3
9.8
EPSS
0.0131
EPSS Percentile
66.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (1)
opentext/document_sciences_xpression
< 4.5
Published
Oct 03, 2017
Tracked Since
Feb 18, 2026