CVE-2017-15014 in OpenText Documentum Content Server

Summary

by MITRE

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem.


Analysis

by VulDB Data Team • 07/13/2025

The vulnerability described in CVE-2017-15014 is an authorization bypass in OpenText Documentum Content Server (formerly EMC Documentum Content Server) through version 7.3. The repository's permission model assumes that a dmr_content object only ever references the file its creator uploaded, but the server does not enforce that assumption. Because the data_ticket value is neither bound to the uploading session nor validated when a dmr_content object is created, an authenticated user can link a new object of his own to a file already present on the Content Server filesystem and then read that file through his own object. The effect is disclosure of content that the attacker's repository permissions would otherwise deny him.

The flaw sits in the upload workflow exposed over the server's RPC interface. A client uploads content in four steps: it calls START_PUSH, transfers the file bytes, calls END_PUSH_V2 (which returns a DATA_TICKET integer identifying where the file landed on the Content Server filesystem), and finally creates a dmr_content object whose data_ticket attribute carries that integer. The server accepts whatever data_ticket the client supplies in the last step; it does not check that the ticket was issued to that session by a preceding END_PUSH_V2 call, nor that it has not already been linked to another object. An authenticated user who knows or can determine the DATA_TICKET of an existing file can therefore create a dmr_content object that references it, regardless of the permissions on the object that legitimately owns that file.
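The following is an added illustration, not Content Server code: a small in-memory model of the four-step flow above, with the object-creation step written twice, once with the design gap as described and once with the check the gap omits. The RPC names, the DATA_TICKET integer and the dmr_content object come from the advisory; the ContentStore class, the sequential ticket numbering, the session model and the user names are assumptions made for the example.

```python
"""Model of the Documentum upload/link flow described in the analysis.

Constructed simulation for illustration only. Nothing here is Content
Server's real implementation; ticket values, the in-memory 'filesystem'
and the session handling are assumed for the example.
"""
import itertools


class ContentStore:
    """Server-side state: content files addressed by integer data tickets."""

    def __init__(self):
        self._tickets = itertools.count(1000)  # assumed: predictable ids
        self.files = {}      # data_ticket -> file bytes on the server filesystem
        self.issued = {}     # data_ticket -> session END_PUSH_V2 returned it to
        self.objects = []    # created dmr_content rows

    # -- steps 1-3: START_PUSH, data transfer, END_PUSH_V2 ------------------
    def start_push(self, session):
        return {"session": session, "buf": bytearray()}

    def push_data(self, handle, chunk):
        handle["buf"].extend(chunk)

    def end_push_v2(self, handle):
        ticket = next(self._tickets)
        self.files[ticket] = bytes(handle["buf"])
        self.issued[ticket] = handle["session"]
        return ticket  # the DATA_TICKET handed back to the client

    # -- step 4: create the dmr_content object pointing at the file ---------
    def create_dmr_content_vulnerable(self, session, data_ticket):
        # Design gap: any ticket that names an existing file is accepted;
        # nothing ties the ticket to the session that uploaded the file.
        if data_ticket not in self.files:
            raise KeyError("no such content")
        obj = {"owner": session, "data_ticket": data_ticket}
        self.objects.append(obj)
        return obj

    def create_dmr_content_hardened(self, session, data_ticket):
        # Check modelled here (an assumption, not the vendor's fix): the
        # ticket must have been returned by END_PUSH_V2 to this same session
        # and is single-use, so it can be neither replayed nor guessed.
        if self.issued.get(data_ticket) != session:
            raise PermissionError("data_ticket was not issued to this session")
        del self.issued[data_ticket]
        obj = {"owner": session, "data_ticket": data_ticket}
        self.objects.append(obj)
        return obj

    def read_content(self, session, obj):
        # Reads are authorised against the dmr_content object, and in the
        # vulnerable flow the attacker owns that object, so this passes.
        if obj["owner"] != session:
            raise PermissionError("no read permission on object")
        return self.files[obj["data_ticket"]]


def demo():
    """Returns (bytes leaked through the gap, whether the hardened check blocked it)."""
    store = ContentStore()

    # A user with access to confidential material uploads a document.
    h = store.start_push("alice")
    store.push_data(h, b"board minutes: acquisition of ...")
    alice_ticket = store.end_push_v2(h)
    store.create_dmr_content_vulnerable("alice", alice_ticket)

    # An ordinary account uploads a throwaway file to see where tickets sit,
    # then creates its own dmr_content pointing at the neighbouring ticket.
    h = store.start_push("mallory")
    store.push_data(h, b"x")
    mallory_ticket = store.end_push_v2(h)
    guessed = mallory_ticket - 1  # assumed predictability, for the example

    rogue = store.create_dmr_content_vulnerable("mallory", guessed)
    leaked = store.read_content("mallory", rogue)

    try:
        store.create_dmr_content_hardened("mallory", guessed)
        blocked = False
    except PermissionError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("leaked via vulnerable flow:", leaked)
    print("hardened check blocked it:", blocked)
```

The point the model makes is that the read in the last step is a perfectly ordinary, authorised read of the attacker's own object; the only place the server could have stopped the attack is when the object was created, which is where the hardened variant puts the check.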

Operationally this matters for any organization that relies on Documentum's permission model to separate document populations. The attacker needs only an ordinary repository account; with it he can retrieve documents his ACLs would normally deny, so the realistic outcomes are information disclosure and bulk exfiltration of sensitive or regulated content. Because the attacker-created dmr_content object is a normal repository object owned by the attacker, the subsequent download is likely to look like an authorized read of his own content, which also makes the access hard to distinguish from legitimate use after the fact.

The weakness is classified as CWE-284 (Improper Access Control). In ATT&CK terms the entry maps to T1078 (Valid Accounts), since an ordinary authenticated account is the only prerequisite, and T1005 (Data from Local System) for the retrieval of files the account is not entitled to. Exploitation requires nothing beyond a Documentum client able to issue the RPC calls and create objects, so the bar is low once credentials are held. Recommended interim measures are to harden access to the RPC interface, monitor for dmr_content creations that do not follow an END_PUSH_V2 call in the same session, and review how content objects are created in integrations and custom code.

Remediation belongs in the server's upload workflow: a data_ticket should only be accepted at object creation if it was returned by END_PUSH_V2 to the same session and has not already been linked to another object. Apply the vendor's fix where one is available for your version. Where it is not, restrict network access to the Content Server RPC ports to trusted application tiers, and alert on dmr_content objects whose data_ticket does not correspond to a preceding upload by the same user. Periodic audits of content management systems should include verification that object creation and linking are subject to the same access control enforcement as reads, so that similar design gaps do not persist in other components of the repository infrastructure.
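As an added example of the monitoring suggested above (not part of the original entry and not a VulDB or OpenText tool), the script below correlates END_PUSH_V2 ticket issuance with dmr_content creation per session and flags creations whose data_ticket was never issued to that session, or was already linked once. The log line format and the sample lines are constructed for this example; Content Server's actual audit trail and server log layouts are not described on the page, so map the fields to whatever your deployment records.

```python
"""Flag dmr_content creations that do not follow an END_PUSH_V2 in the same session.

Constructed example. The line format below is an assumption made for the
demo, not Documentum's real log format; adapt parse_line() to your source.
"""
import re
from collections import defaultdict

# Constructed sample: alice uploads and links normally; mallory uploads one
# file, links it, then links two tickets that were never issued to him.
SAMPLE_LOG = """\
2017-10-13T09:00:01Z session=alice rpc=END_PUSH_V2 data_ticket=1001
2017-10-13T09:00:02Z session=alice event=create type=dmr_content data_ticket=1001
2017-10-13T09:05:10Z session=mallory rpc=END_PUSH_V2 data_ticket=1002
2017-10-13T09:05:11Z session=mallory event=create type=dmr_content data_ticket=1002
2017-10-13T09:05:12Z session=mallory event=create type=dmr_content data_ticket=1001
2017-10-13T09:05:13Z session=mallory event=create type=dmr_content data_ticket=1000
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+session=(?P<session>\S+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one 'ts session=... k=v ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    fields["ts"] = m.group("ts")
    fields["session"] = m.group("session")
    return fields


def find_unlinked_tickets(log_text):
    """Return (ts, session, data_ticket) for each suspicious dmr_content creation.

    A creation is suspicious when its data_ticket was not returned by an
    earlier END_PUSH_V2 in the same session, or has already been consumed
    by an earlier creation (tickets are expected to be linked exactly once).
    """
    pending = defaultdict(set)  # session -> tickets issued but not yet linked
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        ticket = ev.get("data_ticket")
        if ticket is None:
            continue
        if ev.get("rpc") == "END_PUSH_V2":
            pending[ev["session"]].add(ticket)
        elif ev.get("event") == "create" and ev.get("type") == "dmr_content":
            if ticket in pending[ev["session"]]:
                pending[ev["session"]].discard(ticket)  # legitimate, single use
            else:
                alerts.append((ev["ts"], ev["session"], ticket))
    return alerts


if __name__ == "__main__":
    for ts, session, ticket in find_unlinked_tickets(SAMPLE_LOG):
        print(f"{ts} ALERT session={session} linked data_ticket={ticket} it never uploaded")
```

Two caveats for real use: the rule assumes a client links a ticket in the same session that received it, so integrations that upload in one session and link in another will need a session-to-user join rather than a per-session key; and if your logs do not record the DATA_TICKET value at all, this correlation cannot be done from logs and the check has to live in the server or a proxy in front of it.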

Reservation

10/03/2017

Disclosure

10/13/2017

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.04291

KEV

no

Activities

very low

Sources
