Jump to content
Fi8sVrs

OpenText Documentum Administrator / Webtop XXE Injection

Recommended Posts

  • Active Members

OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from XML external entity injection vulnerabilities.

 

Title: OpenText Documentum Administrator and Webtop - XML External
Entity Injection
Author: Jakub Palaczynski, Pawel Gocyla
Date: 24. September 2017
CVE (Administrator): CVE-2017-14526
CVE (Webtop): CVE-2017-14527

Affected software:
==================
Documentum Administrator
Documentum Webtop

Exploit was tested on:
======================
Documentum Administrator version 7.2.0180.0055
Documentum Webtop version 6.8.0160.0073
Other versions may also be vulnerable.

XML External Entity Injection - 4 instances:
============================================

Please note that examples below are for Documentum Administrator, but
the same exploitation takes place in Webtop.
This vulnerability allows for:
- listing directories and retrieving content of files from the filesystem
- stealing hashes of user that runs Documentum (if installed on Windows)
- DoS

1. Instance 1 and 2:
Authenticated users can exploit XXE vulnerability by browsing "Tools >
Preferences". It generates request to
/xda/com/documentum/ucf/server/transport/impl/GAIRConnector which
contains two XML structures. Both accept DTD and parse it which allows
exploitation.

2. Instance 3:
Authenticated users can exploit XXE vulnerability by using "File >
Import". Users can import XML files and use "MediaProfile" to open
file which triggers vulnerability.

3. Instance 4:
Authenticated users can exploit XXE vulnerability by using "File >
Check In". Users can use XML check in file and use "MediaProfile" to
open it which triggers vulnerability.

Fix:
====
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

Contact:
========
Jakub[dot]Palaczynski[at]gmail[dot]com
pawellgocyla[at]gmail[dot]com


Source: https://packetstormsecurity.com/files/144364/OpenText-Documentum-Administrator-Webtop-XXE-Injection.html

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...