Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
emc documentum content server vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-15012
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to and including 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some f...
Opentext Documentum Content Server
1 EDB exploit
8.8
CVSSv3
CVE-2017-15013
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to and including 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, w...
Opentext Documentum Content Server
1 EDB exploit
4.3
CVSSv3
CVE-2017-15014
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to and including 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authentica...
Opentext Documentum Content Server
1 EDB exploit
8.8
CVSSv3
CVE-2017-15276
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to and including 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpac...
Opentext Documentum Content Server
1 EDB exploit
8.8
CVSSv3
CVE-2017-5585
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attack...
Opentext Documentum Content Server 7.3
NA
CVE-2015-4544
EMC Documentum Content Server prior to 7.1P20 and 7.2.x prior to 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because o...
Emc Documentum Content Server 7.2
Emc Documentum Content Server 7.1
NA
CVE-2015-4534
Java Method Server (JMS) in EMC Documentum Content Server prior to 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb pa...
Emc Documentum Content Server 7.0
Emc Documentum Content Server 7.1
Emc Documentum Content Server 6.7
Emc Documentum Content Server 7.2
NA
CVE-2015-4531
EMC Documentum Content Server prior to 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass...
Emc Documentum Content Server 6.7
Emc Documentum Content Server 7.1
Emc Documentum Content Server 7.2
Emc Documentum Content Server 7.0
NA
CVE-2015-4533
EMC Documentum Content Server prior to 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges...
Emc Documentum Content Server 6.7
Emc Documentum Content Server 7.1
Emc Documentum Content Server 7.2
Emc Documentum Content Server 7.0
NA
CVE-2015-4535
Java Method Server (JMS) in EMC Documentum Content Server prior to 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to r...
Emc Documentum Content Server 7.2
Emc Documentum Content Server 7.0
Emc Documentum Content Server 7.1
Emc Documentum Content Server 6.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »