Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2017-14757
HistoryOct 03, 2017 - 1:29 a.m.

CVE-2017-14757

2017-10-0301:29:02
CWE-89
mitre
web.nvd.nist.gov
47
opentext
document sciences
xpression
sql injection
cve-2017-14757
security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

55.6%

JSON

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.

Affected configurations

Nvd
Node
opentextdocument_sciences_xpressionRange4.5sp1
VendorProductVersionCPE
opentextdocument_sciences_xpression*cpe:2.3:a:opentext:document_sciences_xpression:*:sp1:*:*:*:*:*:*

Related

zdt 2
packetstorm 1
exploitdb 1
exploitpack 1
cvelist 1
prion 1
nvd 1
zdt
zdt
OpenText Document Sciences xPression 4.5SP1 Patch 13 SQL Injection Vulnerability
2017-09-30 00:00:00
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection Vulnerability
2017-10-02 00:00:00
packetstorm
packetstorm
OpenText Document Sciences xPression 4.5SP1 Patch 13 SQL Injection
2017-09-29 00:00:00
exploitdb
exploitdb
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
2017-10-02 00:00:00
exploitpack
exploitpack
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection
2017-10-02 00:00:00
cvelist
cvelist
CVE-2017-14757
2017-10-02 17:00:00
prion
prion
Sql injection
2017-10-03 01:29:00
nvd
nvd
CVE-2017-14757
2017-10-03 01:29:02

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

55.6%

JSON
Related for CVE-2017-14757
zdt2packetstorm1exploitdb1exploitpack1cvelist1prion1nvd1