Lucene search
K
OpentextDocumentum Content Server

8 matches found

CVE
CVE
added 2017/10/13 4:0 p.m.75 views

CVE-2017-15013

CVE-2017-15013 affects OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to version 7.3. The design flaw lets any authenticated user modify or delete dmr_content objects (notably those linked to sensitive items such as dm_method), enabling replacement of content and e...

8.8CVSS8.6AI score0.06639EPSS
CVE
CVE
added 2017/04/25 2:0 p.m.73 views

CVE-2017-7221

Summary (CVE-2017-7221) OpenText Documentum Content Server is susceptible to ARBITRARY CODE EXECUTION via the dm_bp_transition docbase method when a user-created dm_procedure object is present. The vulnerability enables remote authenticated users to run code with super-user privileges , demonstra...

8.8CVSS8.8AI score0.04232EPSS
CVE
CVE
added 2017/10/13 4:0 p.m.71 views

CVE-2017-15012

OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to version 7.3 is affected by CVE-2017-15012 due to improper validation of input to the PUT_FILE RPC-command. This allows any authenticated user to hijack arbitrary files from the Content Server filesystem, enabling pr...

8.8CVSS8.6AI score0.07782EPSS
CVE
CVE
added 2017/10/13 4:0 p.m.68 views

CVE-2017-15276

CVE-2017-15276 affects OpenText Documentum Content Server (up to v7.3). An authenticated user can escalate privileges to superuser by uploading content in batches (TAR archives); during TAR unpacking, the server fails to verify archive contents, enabling path traversal via symlinks and access to ...

8.8CVSS8.7AI score0.09494EPSS
CVE
CVE
added 2017/10/13 4:0 p.m.66 views

CVE-2017-15014

OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to version 7.3 is affected. The vulnerability arises when an authenticated user uploads content: after START_PUSH, content is uploaded, then END_PUSH_V2 returns a DATA_TICKET used to identify the file on the filesystem...

4.3CVSS4.5AI score0.04946EPSS
CVE
CVE
added 2023/05/18 12:0 a.m.65 views

CVE-2023-31871

OpenText Documentum Content Server before 23.2 is affected by a privilege-escalation vulnerability. A root-owned SUID binary, dm_secure_writer, can bypass security controls to enable an arbitrary file write as root from a non-privileged Documentum user. Documents from Red Hat and PTSecurity corro...

7.8CVSS7.9AI score0.0028EPSS
CVE
CVE
added 2017/04/21 2:11 a.m.59 views

CVE-2017-7220

OpenText Documentum Content Server has a vulnerability where an attacker can gain superuser access by saving a crafted object via sys_obj_save (or saving an object) and issuing an unauthorized UPDATE dm_dbo.dm_user_s SET user_privileges=16, i.e., the so‑called RPC save-commands attack. This CVE (...

9CVSS8.4AI score0.02032EPSS
CVE
CVE
added 2017/02/22 4:0 p.m.47 views

CVE-2017-5585

OpenText Documentum Content Server 7.3 (PostgreSQL builds) with return_top_results_row_based=false is vulnerable to DQL injection due to incomplete restriction of DQL hints. Remote authenticated users can craft requests to execute arbitrary DML or DDL commands. Root cause is an incomplete fix for...

8.8CVSS8.7AI score0.02012EPSS