CVE-2017-15013 - OpenCVE

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opentext	Documentum Content Server

Configuration 1 [-]

cpe:2.3:a:opentext:documentum_content_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/bugtraq/2017/Oct/19
http://www.securityfocus.com/bid/101639
https://www.exploit-db.com/exploits/43004/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-13T16:00:00

Updated: 2024-08-05T19:42:22.321Z

Reserved: 2017-10-03T00:00:00

Link: CVE-2017-15013

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-10-13T16:29:00.247

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-15013

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and \"editable\" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-02T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "43004", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43004/"}, {"name": "101639", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101639"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/bugtraq/2017/Oct/19"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15013", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and \"editable\" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "43004", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43004/"}, {"name": "101639", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101639"}, {"name": "http://seclists.org/bugtraq/2017/Oct/19", "refsource": "MISC", "url": "http://seclists.org/bugtraq/2017/Oct/19"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:42:22.321Z"}, "title": "CVE Program Container", "references": [{"name": "43004", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/43004/"}, {"name": "101639", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101639"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/bugtraq/2017/Oct/19"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15013", "datePublished": "2017-10-13T16:00:00", "dateReserved": "2017-10-03T00:00:00", "dateUpdated": "2024-08-05T19:42:22.321Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentext:documentum_content_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "78887F85-A395-41C2-AED8-2857620518A7", "versionEndIncluding": "7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and \"editable\" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges."}, {"lang": "es", "value": "OpenText Documentum Content Server (anteriormente conocido como EMC Documentum Content Server) hasta la versi\u00f3n 7.3 contiene el siguiente fallo de dise\u00f1o, que permite que un usuario autenticado gane privilegios de superuser: Content Server almacena informaci\u00f3n sobre archivos subidos en objetos dmr_content, los cuales son consultables y \"editables\" (antes de la distribuci\u00f3n 7.2P02, cualquier usuario autenticado pod\u00eda editar objetos dmr_content; ahora cualquier usuario autenticado puede borrar objetos dmr_content y, a continuaci\u00f3n, crear uno nuevo con el antiguo identificador) por usuarios autenticados. Esto permite que cualquier usuario autenticado reemplace el contenido de objetos dmr_content sensibles (por ejemplo, contenido dmr_content relacionado con objetos dm_method objects) y obteniendo privilegios de superuser."}], "id": "CVE-2017-15013", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-13T16:29:00.247", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/bugtraq/2017/Oct/19"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/101639"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/43004/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}