// For flags

CVE-2017-15276

OpenText Documentum Content Server - Privilege Escalation

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.

OpenText Documentum Content Server (anteriormente conocido como EMC Documentum Content Server) hasta la versión 7.3 contiene el siguiente fallo de diseño, que permite que un usuario autenticado gane privilegios de superuser: Content Server permite la subida de contenidos usando lotes (archivos TAR). Al desempaquetar archivos TAR, Content Server no puede verificar el contenido de un archivo, lo que provoca una vulnerabilidad de salto de directorio mediante vínculos simbólicos. Debido a que algunos archivos en el sistema de archivos Content Server son confidenciales, esto lleva a un escalado de privilegios.

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) allows for privilege escalation via traversal attacks leveraged through uploaded tar files.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-10-11 CVE Reserved
  • 2017-10-13 CVE Published
  • 2023-09-23 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opentext
Search vendor "Opentext"
 Documentum Content Server
Search vendor "Opentext" for product "Documentum Content Server"
 <= 7.3
Search vendor "Opentext" for product "Documentum Content Server" and version " <= 7.3"
-
Affected