RSS   Podatności dla 'Documentum administrator'   RSS

2017-09-27
 
CVE-2017-14527

 

 
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.

 
 
CVE-2017-14526

 

 
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.

 
 
CVE-2017-14525

 

 
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.

 
 
CVE-2017-14524

 

 
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.

 

 >>> Vendor: Opentext 16 Produkty
Opentext firstclass desktop client
Livelink ecm
Opentext/ixos ecm for sap netweaver
Exceed ondemand
Secure mft 2013
Secure mft 2014
Documentum d2
Documentum content server
Tempo box
Documentum administrator
Documentum webtop
Document sciences xpression
Opentext portal
Content server
Brava\! desktop
Brava\!


Copyright 2022, cxsecurity.com

 

Back to Top