CVE-2017-5585
Last modified
CVE-2017-5585 is a vulnerability of currently unknown severity. OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520.. EPSS estimates a 2.01% chance of exploitation in the next 30 days.
Description
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opentext | Documentum Content Server | 7.3 |
References
- http://packetstormsecurity.com/files/141124/OpenText-Documentum-Content-Server-7.3-SQL-Injection.htmlExploit, Third Party Advisory
- http://www.securityfocus.com/bid/96224Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/141124/OpenText-Documentum-Content-Server-7.3-SQL-Injection.htmlExploit, Third Party Advisory
- http://www.securityfocus.com/bid/96224Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5585?
How severe is CVE-2017-5585?
How do I fix CVE-2017-5585?
Are you affected by CVE-2017-5585?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST