CVE-2017-14526

high
Published 2017-09-28 · Modified 2026-05-13
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
6.5
VIR risk
8.8

Description

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

Application impact

Vendor    Product                   Versions        Fixed
opentext  documentum_administrator  7.2.0180.0055
opentext  documentum_webtop         6.8.0160.0073

References

CWEs

CWE-611
