Unrated severityNVD Advisory· Published May 18, 2023· Updated Jan 22, 2025
CVE-2023-31871
CVE-2023-31871
Description
OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <23.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.