Opentext Documentum Content Server

5 matches found

CVE
added 2017/10/13 4:29 p.m. | 59 views

CVE-2017-15012

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server file...

8.8 CVSS | 8.6 AI score | 0.0229 EPSS
CVE
added 2017/10/13 4:29 p.m. | 59 views

CVE-2017-15013

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editabl...

8.8 CVSS | 8.6 AI score | 0.01887 EPSS
CVE
added 2017/04/25 2:59 p.m. | 56 views

CVE-2017-7221

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object...

8.8 CVSS | 8.8 AI score | 0.0172 EPSS
CVE
added 2017/10/13 4:29 p.m. | 52 views

CVE-2017-15276

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Serv...

8.8 CVSS | 8.7 AI score | 0.02611 EPSS
CVE
added 2017/02/22 4:59 p.m. | 36 views

CVE-2017-5585

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbit...

8.8 CVSS | 8.7 AI score | 0.01041 EPSS