File Hijacking Vulnerability in OpenText Documentum Content Server
CVE-2017-15012

8.8 HIGH

Key Information:

Vendor: OpenText
CVE Published: 13 October 2017

Summary

OpenText Documentum Content Server, up to version 7.3, does not adequately validate the input of the PUT_FILE RPC command. This lack of validation lets any authenticated user hijack arbitrary files from the Content Server's filesystem. Because some of these files contain sensitive security information, the flaw poses a significant risk of privilege escalation, allowing users to gain unauthorized access to critical data.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
