Lucene search

4 matches found

NVD
added 2017/02/22 4:59 p.m. | 27 views

CVE-2017-5585

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.02012
Exploits: 2 | References: 2

Cvelist
added 2017/02/22 4:0 p.m. | 34 views

CVE-2017-5585

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary...

AI score: 8.9 | EPSS: 0.02012
Exploits: 2 | References: 2

CVE
added 2017/02/22 4:0 p.m. | 47 views

CVE-2017-5585

OpenText Documentum Content Server 7.3 (PostgreSQL builds) with return_top_results_row_based=false is vulnerable to DQL injection due to incomplete restriction of DQL hints. Remote authenticated users can craft requests to execute arbitrary DML or DDL commands. Root cause is an incomplete fix for...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.02012
Exploits: 2 | References: 2 | Affected Software: 1

Packet Storm
added 2017/02/16 12:0 a.m. | 221 views

OpenText Documentum Content Server 7.3 SQL Injection

CVE Identifier: CVE-2017-5585
Vendor: OpenText
Affected products: OpenText Documentum Content Server 7.3 PostgreSQL builds only
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fix: not available
Description: Previously announced fix for...

CVSS: 6.3 | AI score: 0.3 | EPSS: 0.02012
Exploits: 2