CVE-2017-14527

HIGH Year: 2017
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.

Related Vulnerabilities

CVE-2010-3322

HIGH
CVSS:8.8(High)

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.

CWE-6112010

CVE-2014-0225

HIGH
CVSS:8.8(High)

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references ...

CWE-6112014

CVE-2014-2296

HIGH
CVSS:8.8(High)

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remo...

CWE-6112014

CVE-2016-5851

HIGH
CVSS:8.8(High)

python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.

CWE-6112016

CVE-2016-8526

HIGH
CVSS:8.8(High)

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If ...

CWE-6112016

CVE-2017-1000021

HIGH
CVSS:8.8(High)

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.

CWE-6112017