Описание
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
Ссылки
- Mailing ListThird Party Advisory
- Permissions RequiredVendor Advisory
- Mailing ListThird Party Advisory
- Permissions RequiredVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
Уязвимость средства администрирования системы электронного документооборота OpenText Documentum Administrator, связанная с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю читать произвольные файлы или вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2