cbcvebase.

Opentext Document Sciences Xpression vulnerabilities

7 known vulnerabilities affecting opentext/document_sciences_xpression.

Total CVEs
7
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2017-14758P3HIGHCVSS 8.8PoC≤ 4.52017-10-03
CVE-2017-14758 [HIGH] CWE-89 CVE-2017-14758: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (ol OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
nvd
CVE-2017-14757P3HIGHCVSS 8.8PoC≤ 4.52017-10-03
CVE-2017-14757 [HIGH] CWE-89 CVE-2017-14757: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (ol OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
nvd
CVE-2017-14960P3HIGHCVSS 7.5PoC≤ 4.52018-01-04
CVE-2017-14960 [HIGH] CWE-89 CVE-2017-14960: xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.
nvd
CVE-2017-14759P3CRITICALCVSS 9.8≤ 4.52017-10-03
CVE-2017-14759 [CRITICAL] CWE-611 CVE-2017-14759: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (ol OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial
nvd
CVE-2017-14754P3MEDIUMCVSS 6.5≤ 4.52017-10-03
CVE-2017-14754 [MEDIUM] CWE-22 CVE-2017-14754: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (ol OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the app
nvd
CVE-2017-14756P4MEDIUMCVSS 6.1≤ 4.52017-10-03
CVE-2017-14756 [MEDIUM] CWE-79 CVE-2017-14756: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (ol OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).
nvd
CVE-2017-14755P4MEDIUMCVSS 6.1≤ 4.52017-10-03
CVE-2017-14755 [MEDIUM] CWE-79 CVE-2017-14755: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (ol OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.
nvd
Opentext Document Sciences Xpression vulnerabilities | cvebase