4 matches found
CVE-2017-5585
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and the return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary...
CVE-2017-5585
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and the return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary...
CVE-2017-5585
OpenText Documentum Content Server 7.3 (PostgreSQL builds) with return_top_results_row_based=false is vulnerable to DQL injection due to incomplete restriction of DQL hints. Remote authenticated users can craft requests to execute arbitrary DML or DDL commands. Root cause is an incomplete fix for...
OpenText Documentum Content Server 7.3 SQL Injection
CVE Identifier: CVE-2017-5585; Vendor: OpenText; Affected products: OpenText Documentum Content Server 7.3 (PostgreSQL builds only); Researcher: Andrey B. Panfilov; Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); Fix: not available; Description: Previously announced fix for...