CVE-2017-15013

OpenText Documentum Content Server - 'dmr_content' Privilege Escalation

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.

OpenText Documentum Content Server (anteriormente conocido como EMC Documentum Content Server) hasta la versión 7.3 contiene el siguiente fallo de diseño, que permite que un usuario autenticado gane privilegios de superuser: Content Server almacena información sobre archivos subidos en objetos dmr_content, los cuales son consultables y "editables" (antes de la distribución 7.2P02, cualquier usuario autenticado podía editar objetos dmr_content; ahora cualquier usuario autenticado puede borrar objetos dmr_content y, a continuación, crear uno nuevo con el antiguo identificador) por usuarios autenticados. Esto permite que cualquier usuario autenticado reemplace el contenido de objetos dmr_content sensibles (por ejemplo, contenido dmr_content relacionado con objetos dm_method objects) y obteniendo privilegios de superuser.

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user the ability to replace content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-10-03 CVE Reserved
2017-10-13 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-269: Improper Privilege Management

CAPEC

References (3)

URL	Tag	Source
http://seclists.org/bugtraq/2017/Oct/19	Mailing List
http://www.securityfocus.com/bid/101639	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/43004	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opentext Search vendor "Opentext"		Documentum Content Server Search vendor "Opentext" for product "Documentum Content Server"				<= 7.3 Search vendor "Opentext" for product "Documentum Content Server" and version " <= 7.3"		-		Affected