8 matches found
CVE-2017-15013
CVE-2017-15013 affects OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to version 7.3. The design flaw lets any authenticated user modify or delete dmr_content objects (notably those linked to sensitive items such as dm_method), enabling replacement of content and e...
CVE-2017-7221
Summary (CVE-2017-7221) OpenText Documentum Content Server is susceptible to ARBITRARY CODE EXECUTION via the dm_bp_transition docbase method when a user-created dm_procedure object is present. The vulnerability enables remote authenticated users to run code with super-user privileges , demonstra...
CVE-2017-15012
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to version 7.3 is affected by CVE-2017-15012 due to improper validation of input to the PUT_FILE RPC-command. This allows any authenticated user to hijack arbitrary files from the Content Server filesystem, enabling pr...
CVE-2017-15276
CVE-2017-15276 affects OpenText Documentum Content Server (up to v7.3). An authenticated user can escalate privileges to superuser by uploading content in batches (TAR archives); during TAR unpacking, the server fails to verify archive contents, enabling path traversal via symlinks and access to ...
CVE-2017-15014
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to version 7.3 is affected. The vulnerability arises when an authenticated user uploads content: after START_PUSH, content is uploaded, then END_PUSH_V2 returns a DATA_TICKET used to identify the file on the filesystem...
CVE-2023-31871
OpenText Documentum Content Server before 23.2 is affected by a privilege-escalation vulnerability. A root-owned SUID binary, dm_secure_writer, can bypass security controls to enable an arbitrary file write as root from a non-privileged Documentum user. Documents from Red Hat and PTSecurity corro...
CVE-2017-7220
OpenText Documentum Content Server has a vulnerability where an attacker can gain superuser access by saving a crafted object via sys_obj_save (or saving an object) and issuing an unauthorized UPDATE dm_dbo.dm_user_s SET user_privileges=16, i.e., the so‑called RPC save-commands attack. This CVE (...
CVE-2017-5585
OpenText Documentum Content Server 7.3 (PostgreSQL builds) with return_top_results_row_based=false is vulnerable to DQL injection due to incomplete restriction of DQL hints. Remote authenticated users can craft requests to execute arbitrary DML or DDL commands. Root cause is an incomplete fix for...