CVE-2017-5585 in Documentum Content Serverinfo

Zusammenfassung

von MITRE

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

25.01.2017

Veröffentlichung

22.02.2017

Moderieren

akzeptiert

Eintrag

VDB-97217

CPE

bereit

CWE

CWE-74 (bestätigt)

CVSS

8.8 (NVD)

EPSS

0.02012

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-5585
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-5585
CVE Details	https://www.cvedetails.com/cve/CVE-2017-5585/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!