
CVE-2017-15012

Published: 13/10/2017 Updated: 03/11/2017
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to and including 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.

Vulnerable Product

opentext documentum content server

Exploits

#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# does not properly validate input of PUT_FILE RPC-command which allows any
# authenticated user to hijack arbitrary file from Content Server filesystem,
# because some files on Content Server filesystem are security-sensitive
# the securit ...
Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive, this security flaw leads to priv ...