VYPR

Documentum Content Server

by Opentext

CVEs (11)

  • CVE-2017-15276HigOct 13, 2017
    risk 0.61cvss 8.8epss 0.09

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR…

  • CVE-2017-15013HigOct 13, 2017
    risk 0.61cvss 8.8epss 0.07

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are…

  • CVE-2017-15012HigOct 13, 2017
    risk 0.61cvss 8.8epss 0.08

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the…

  • CVE-2017-7221HigApr 25, 2017
    risk 0.61cvss 8.8epss 0.04

    OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created…

  • CVE-2017-7220HigApr 21, 2017
    risk 0.57cvss 8.8epss 0.02

    OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an…

  • CVE-2017-5585HigFeb 22, 2017
    risk 0.57cvss 8.8epss 0.02

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection…

  • CVE-2024-4188HigJul 30, 2024
    risk 0.46cvss epss 0.00

    Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4.

  • CVE-2024-12862MedApr 21, 2025
    risk 0.36cvss epss 0.00

    Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4.

  • CVE-2017-15014MedOct 13, 2017
    risk 0.31cvss 4.3epss 0.05

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads…

  • CVE-2023-31871May 18, 2023
    risk 0.00cvss epss 0.00

    OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing…

  • CVE-2021-3010Feb 26, 2021
    risk 0.00cvss epss 0.01

    There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.