Path Traversal Vulnerability in OpenText Documentum Content Server
CVE-2017-15276
8.8HIGH
Summary
OpenText Documentum Content Server, version 7.3, has a design flaw that enables an authenticated user to acquire superuser privileges. The server allows users to upload content using TAR archives but fails to properly verify the contents during extraction. This oversight leads to a path traversal vulnerability by exploiting symbolic links, allowing attackers to access sensitive files within the server's filesystem, ultimately resulting in privilege escalation.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved