CVE-2017-5586

Published: 22/02/2017 Updated: 01/03/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.

Vulnerable Product

opentext documentum d2 4.1

opentext documentum d2 4.4

opentext documentum d2 4.3

opentext documentum d2 4.0

opentext documentum d2 4.2

opentext documentum d2 4.5

opentext documentum d2 4.6

Exploits

/**
CVE Identifier: CVE-2017-5586
Vendor: OpenText
Affected products: Documentum D2 version 4.x
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Description: Document D2 contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialised data from untrusted sources, w ...

OpenText Documentum D2 version 4.x contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialized data from untrusted sources, which leads to remote code execution ...

Github Repositories

Command line tool to interact with Quay Clair

claircli

claircli is a command line tool to interact with Quay Clair, which has the following functionalities:

analyze docker images in local host

analyze docker images in remote host

analyze docker images in secure/insecure registry

support threshold/whitelist for vulnerabilities

support fat manifests

report to HTML/JSON, the html report is based on template

Installation python3