CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31871
https://notcve.org/view.php?id=CVE-2023-31871
18 May 2023 — OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. • https://gist.github.com/picar0jsu/a8e623639da34f36202ce5e436668de7 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2CVE-2017-15012 – OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-15012
13 Oct 2017 — OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. OpenText Documentum Content Server (anteriormente conocido como EMC Documentum Content Server) hasta la versión 7.3 no valida correctamente la ent... • https://packetstorm.news/files/id/144616 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2CVE-2017-15013 – OpenText Documentum Content Server - 'dmr_content' Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-15013
13 Oct 2017 — OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticate... • https://packetstorm.news/files/id/144615 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 4%CPEs: 1EXPL: 2CVE-2017-15014 – OpenText Documentum Content Server - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2017-15014
13 Oct 2017 — OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer,... • https://packetstorm.news/files/id/144614 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2CVE-2017-15276 – OpenText Documentum Content Server - Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-15276
13 Oct 2017 — OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalati... • https://packetstorm.news/files/id/144613 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 1%CPEs: 5EXPL: 1CVE-2014-4626 – EMC Documentum Content Server ESA-2014-105 Fail
https://notcve.org/view.php?id=CVE-2014-4626
17 Dec 2014 — EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515. EMC Documentum Content Server ant... • https://packetstorm.news/files/id/132536 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-4621 – EMC Documentum Content Server 7.x / 6.x Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4621
16 Sep 2014 — EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. EMC Documentum Content Server anterior a 6.7 SP2 P17, 7.0 hasta P15 y 7.1 anterior a P08 no comprueba debidamente la autorización para subtipos de los tipo... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 1CVE-2014-4622 – EMC Documentum Content Server 7.x / 6.x Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4622
16 Sep 2014 — EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. EMC Documentum Content Server anterior a 6.7 SP2 P17, 7.0 hasta P15 y 7.1 anterior a P08 no comprueba debidamente la autorización para subgrupos de grupos privilegiados, lo que permite... • https://packetstorm.news/files/id/133143 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2014-4618 – EMC Documentum Code Execution / DQL Injection
https://notcve.org/view.php?id=CVE-2014-4618
19 Aug 2014 — EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. EMC Documentum Content Server anterior a 6.7 SP2 P16 y 7.x anterior a 7.1 P07 permite a usuarios remotos autenticados ganar privilegios a través de un objeto de sistema creado por un usuario. EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following ... • http://secunia.com/advisories/60571 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2014-2520 – EMC Documentum Code Execution / DQL Injection
https://notcve.org/view.php?id=CVE-2014-2520
19 Aug 2014 — EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request. EMC Documentum Content Server anterior a 6.7 SP2 P16 y 7.x anterior a 7.1 P07, cuando Oracle Database está utilizada, no restringe debidamente los hints DQL, lo que permite a usuarios remotos autenticados realizar ataques de inyección DQL ... • https://packetstorm.news/files/id/141124 • CWE-264: Permissions, Privileges, and Access Controls •