File Hijacking Vulnerability in OpenText Documentum Content Server
CVE-2017-15012
8.8 HIGH
Summary
OpenText Documentum Content Server, up to version 7.3, does not adequately validate input to the PUT_FILE RPC command. An authenticated user can exploit this lack of validation to hijack arbitrary files from the server's filesystem. Because some of these files contain sensitive security information, the flaw poses a significant risk of privilege escalation, allowing users to gain unauthorized access to critical data.
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved