CVE-2017-14759

critical

Published 2017-10-03 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

Application impact

Vendor	Product	Versions	Fixed
opentext	document_sciences_xpression	`{"endIncluding":"4.5"}`

References

http://seclists.org/fulldisclosure/2017/Sep/97
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774
http://seclists.org/fulldisclosure/2017/Sep/97
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

CWEs

CWE-611

Verify integrity in audit chain (admin only). AS-IS.