CVE-2017-15013 in OpenText Documentum Content Serverinformazioni

Riassunto

di MITRE

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

03/10/2017

Divulgazione

13/10/2017

Moderazione

accettato

Voce

VDB-107854

CPE

pronto

CWE

CWE-264 (confermato)

Sfruttamento

Scaricare

CVSS

8.8 (NVD)

EPSS

0.06639

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-15013
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-15013
CVE Details	https://www.cvedetails.com/cve/CVE-2017-15013/

◂ Precedente Visione D'ensemble Il prossimo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!