Opentext · Opentext Document Sciences Xpression · CVE-2017-14754
**Name of the Vulnerable Software and Affected Versions**
OpenText Document Sciences xPression versions prior to v4.5SP1 Patch 13
**Description**
The issue allows arbitrary file read. An attacker must first authenticate to the application. The `/xAdmin/html/cm_datasource_group_xsd.jsp` endpoint of the xAdmin interface is vulnerable, specifically through the `xsd_datasource_schema_file` filename parameter, whose value is used to select the file that is read back.
**Recommendations**
For versions prior to v4.5SP1 Patch 13, update to v4.5SP1 Patch 13 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/xAdmin/html/cm_datasource_group_xsd.jsp` endpoint and limiting the use of the `xsd_datasource_schema_file` filename parameter until the patch is applied.
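Until the patch is in place, the parameter can be watched for in web server access logs. The following is an added example, not code from the advisory or from OpenText: it parses constructed combined-format log lines, picks out requests to the affected endpoint, and flags any `xsd_datasource_schema_file` value that would resolve outside an assumed schema directory (`SCHEMA_DIR` is a placeholder; the real location is deployment-specific). The same `escapes_schema_dir` check is the kind of server-side validation a filename parameter like this one needs.

```python
import re
from posixpath import normpath
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed schema directory (placeholder); the real path depends on the install.
SCHEMA_DIR = "/opt/xpression/schemas"
ENDPOINT = "/xAdmin/html/cm_datasource_group_xsd.jsp"
PARAM = "xsd_datasource_schema_file"

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Oct/2017:10:01:02 +0000] "GET /xAdmin/html/cm_datasource_group_xsd.jsp?xsd_datasource_schema_file=customer.xsd HTTP/1.1" 200 812
10.0.0.9 - admin [12/Oct/2017:10:02:10 +0000] "GET /xAdmin/html/cm_datasource_group_xsd.jsp?xsd_datasource_schema_file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1043
10.0.0.9 - admin [12/Oct/2017:10:02:11 +0000] "GET /xAdmin/html/cm_datasource_group_xsd.jsp?xsd_datasource_schema_file=/etc/shadow HTTP/1.1" 200 530
10.0.0.5 - admin [12/Oct/2017:10:03:00 +0000] "GET /xAdmin/html/index.jsp HTTP/1.1" 200 2048
"""

# ip, ident, user, timestamp, "METHOD target PROTOCOL", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def escapes_schema_dir(value: str) -> bool:
    """True if the decoded filename would resolve outside SCHEMA_DIR."""
    decoded = unquote(unquote(value))  # tolerate double URL-encoding
    if decoded.startswith(("/", "\\")) or "\\" in decoded or "\x00" in decoded:
        return True
    resolved = normpath(SCHEMA_DIR + "/" + decoded)
    return not resolved.startswith(SCHEMA_DIR + "/")


def find_suspicious(log_text: str) -> list[dict]:
    """Return one record per request whose schema filename escapes SCHEMA_DIR."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != ENDPOINT:
            continue
        # parse_qs already URL-decodes each value once
        for value in parse_qs(parts.query).get(PARAM, []):
            if escapes_schema_dir(value):
                hits.append({"ip": m["ip"], "user": m["user"], "value": value})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit['ip']} ({hit['user']}): {hit['value']}")
```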