3 matches found
Design/Logic Flaw
OpenText Documentum Content Server formerly EMC Documentum Content Server 7.3, when PostgreSQL Database is used and returntopresultsrowbased config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary...
CVE-2017-5585
OpenText Documentum Content Server 7.3 (PostgreSQL builds) with return_top_results_row_based=false is vulnerable to DQL injection due to incomplete restriction of DQL hints. Remote authenticated users can craft requests to execute arbitrary DML or DDL commands. Root cause is an incomplete fix for...
CVE-2014-2520
OpenText/OpenText Documentum Content Server is affected by CVE-2014-2520 in Oracle DB deployments, where the DQL engine fails to properly restrict DQL hints, enabling remote authenticated users to perform DQL injections and read sensitive data. Affected versions include EMC Documentum Content Ser...