CVE-2017-15012

OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.

OpenText Documentum Content Server (anteriormente conocido como EMC Documentum Content Server) hasta la versión 7.3 no valida correctamente la entrada del comando RPC PUT_FILE, lo que permite que cualquier usuario autenticado secuestre un archivo arbitrario del sistema de archivos Content Server; debido a que algunos de los archivos del sistema de archivos son confidenciales, esto conduce a un escalado de privilegios.

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command which allows any authenticated user to hijack arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive this security flaw leads to privilege escalation.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-10-03 CVE Reserved
2017-10-13 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (3)

URL	Tag	Source
http://seclists.org/bugtraq/2017/Oct/19	Mailing List
http://www.securityfocus.com/bid/101639	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/43003	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opentext Search vendor "Opentext"		Documentum Content Server Search vendor "Opentext" for product "Documentum Content Server"				<= 7.3 Search vendor "Opentext" for product "Documentum Content Server" and version " <= 7.3"		-		Affected