Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for documentum_webtop by opentext
CVE-2019-7416 (GCVE-0-2019-7416)
Vulnerability from cvelistv5 – Published: 2019-03-17 19:36 – Updated: 2024-08-04 20:46
VLAI
EPSS
VEX
Summary
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/151582/OpenT… | x_refsource_MISC |
| https://www.opentext.com/products-and-solutions/p… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Feb/26 | mailing-listx_refsource_FULLDISC |
Date Public
2019-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum"
},
{
"name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in \"/webtop/help/en/default.htm\" is vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T19:36:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum"
},
{
"name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/26"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in \"/webtop/help/en/default.htm\" is vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html"
},
{
"name": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum",
"refsource": "MISC",
"url": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum"
},
{
"name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Feb/26"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7416",
"datePublished": "2019-03-17T19:36:54.000Z",
"dateReserved": "2019-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:46.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14526 (GCVE-0-2017-14526)
Vulnerability from cvelistv5 – Published: 2017-09-27 17:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Sep/58 | mailing-listx_refsource_FULLDISC |
| https://knowledge.opentext.com/knowledge/llisapi.… | x_refsource_CONFIRM |
Date Public
2017-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-27T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774",
"refsource": "CONFIRM",
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14526",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2017-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:40.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14524 (GCVE-0-2017-14524)
Vulnerability from cvelistv5 – Published: 2017-09-27 17:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Sep/57 | mailing-listx_refsource_FULLDISC |
| https://knowledge.opentext.com/knowledge/llisapi.… | x_refsource_CONFIRM |
Date Public
2017-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-27T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774",
"refsource": "CONFIRM",
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14524",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2017-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:40.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14527 (GCVE-0-2017-14527)
Vulnerability from cvelistv5 – Published: 2017-09-27 17:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Sep/58 | mailing-listx_refsource_FULLDISC |
| https://knowledge.opentext.com/knowledge/llisapi.… | x_refsource_CONFIRM |
Date Public
2017-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-27T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774",
"refsource": "CONFIRM",
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14527",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2017-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:40.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14525 (GCVE-0-2017-14525)
Vulnerability from cvelistv5 – Published: 2017-09-27 17:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Sep/57 | mailing-listx_refsource_FULLDISC |
| https://knowledge.opentext.com/knowledge/llisapi.… | x_refsource_CONFIRM |
Date Public
2017-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-27T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774",
"refsource": "CONFIRM",
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14525",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2017-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:40.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7416 (GCVE-0-2019-7416)
Vulnerability from nvd – Published: 2019-03-17 19:36 – Updated: 2024-08-04 20:46
VLAI
EPSS
VEX
Summary
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/151582/OpenT… | x_refsource_MISC |
| https://www.opentext.com/products-and-solutions/p… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Feb/26 | mailing-listx_refsource_FULLDISC |
Date Public
2019-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum"
},
{
"name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in \"/webtop/help/en/default.htm\" is vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T19:36:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum"
},
{
"name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/26"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in \"/webtop/help/en/default.htm\" is vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html"
},
{
"name": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum",
"refsource": "MISC",
"url": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum"
},
{
"name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Feb/26"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7416",
"datePublished": "2019-03-17T19:36:54.000Z",
"dateReserved": "2019-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:46.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14527 (GCVE-0-2017-14527)
Vulnerability from nvd – Published: 2017-09-27 17:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Sep/58 | mailing-listx_refsource_FULLDISC |
| https://knowledge.opentext.com/knowledge/llisapi.… | x_refsource_CONFIRM |
Date Public
2017-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-27T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774",
"refsource": "CONFIRM",
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14527",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2017-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:40.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14526 (GCVE-0-2017-14526)
Vulnerability from nvd – Published: 2017-09-27 17:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Sep/58 | mailing-listx_refsource_FULLDISC |
| https://knowledge.opentext.com/knowledge/llisapi.… | x_refsource_CONFIRM |
Date Public
2017-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-27T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774",
"refsource": "CONFIRM",
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14526",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2017-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:40.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14525 (GCVE-0-2017-14525)
Vulnerability from nvd – Published: 2017-09-27 17:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Sep/57 | mailing-listx_refsource_FULLDISC |
| https://knowledge.opentext.com/knowledge/llisapi.… | x_refsource_CONFIRM |
Date Public
2017-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-27T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774",
"refsource": "CONFIRM",
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14525",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2017-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:40.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14524 (GCVE-0-2017-14524)
Vulnerability from nvd – Published: 2017-09-27 17:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Sep/57 | mailing-listx_refsource_FULLDISC |
| https://knowledge.opentext.com/knowledge/llisapi.… | x_refsource_CONFIRM |
Date Public
2017-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-27T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - Open Redirection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/57"
},
{
"name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774",
"refsource": "CONFIRM",
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14524",
"datePublished": "2017-09-27T17:00:00.000Z",
"dateReserved": "2017-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:40.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}