CVE-2017-5585 in Documentum Content Serverinformazioni

Riassunto

di MITRE

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

25/01/2017

Divulgazione

22/02/2017

Moderazione

accettato

Voce

VDB-97217

CPE

pronto

CWE

CWE-74 (confermato)

CVSS

8.8 (NVD)

EPSS

0.02012

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-5585
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-5585
CVE Details	https://www.cvedetails.com/cve/CVE-2017-5585/

◂ Precedente Visione D'ensemble Il prossimo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!