DQL Injection Vulnerability in OpenText Documentum Content Server Products
CVE-2017-5585
8.8HIGH
Summary
OpenText Documentum Content Server version 7.3, when integrated with PostgreSQL Database, is susceptible to DQL injection due to improper handling of query hints. When the return_top_results_row_based configuration is set to false, remote authenticated users can exploit this vulnerability to inject crafted DQL commands. This exploits an incomplete fix for a prior vulnerability, allowing unauthorized manipulation of database commands, thereby posing a significant security risk.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved