4 matches found
CVE-2017-14524
OpenText Documentum Administrator 7.2.0180.0055 is vulnerable to multiple open redirect flaws. An attacker can redirect users to malicious sites via (1) the startat parameter in xda/help/en/default.htm or (2) the redirectUrl parameter in xda/component/virtuallinkconnect, enabling phishing or unwa...
CVE-2017-14526
CVE-2017-14526 affects OpenText Documentum Administrator 7.2.0180.0055 with XML External Entity (XXE) vulnerabilities. Remote authenticated users can cause DoS, read arbitrary files, or list directory contents, and on Windows may obtain Documentum user hashes via crafted DTDs or XML in specific t...
CVE-2017-14527
CVE-2017-14527 affects OpenText Documentum Webtop 6.8.0160.0073. The vulnerability is an XML External Entity (XXE) injection in Webtop, triggered by crafted XML—specifically in a DTD within a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or via a crafted XML file in a Medi...
CVE-2017-14525
CVE-2017-14525 concerns OpenText Documentum Webtop 6.8.0160.0073 with open redirect vulnerabilities. The issue allows remote attackers to redirect users to arbitrary sites via (1) the startat parameter in xda/help/en/default.htm or (2) a slash-encoded sequence followed by a domain in the redirect...