CVE-2017-7221
Last modified
CVE-2017-7221 is a vulnerability of currently unknown severity. OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.. EPSS estimates a 4.20% chance of exploitation in the next 30 days.
Description
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opentext | Documentum Content Server | All versions |
References
- http://seclists.org/fulldisclosure/2017/Apr/97Exploit, Mailing List, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/98038Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2017/Apr/97Exploit, Mailing List, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/98038Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-7221?
How severe is CVE-2017-7221?
How do I fix CVE-2017-7221?
Are you affected by CVE-2017-7221?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST