CVE-2017-7220 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opentext	Documentum Content Server	-

Related Weaknesses (CWE)

CWE-20

References

http://seclists.org/bugtraq/2017/Apr/61ExploitMailing ListThird Party Advisory
https://gist.github.com/andreybpanfilov/d8792484e13971982c0719ae59ab8c7cExploitThird Party Advisory
https://gist.github.com/andreybpanfilov/e0e60ae9d525a34cca04eb4c89a21e04ExploitThird Party Advisory
http://seclists.org/bugtraq/2017/Apr/61ExploitMailing ListThird Party Advisory
https://gist.github.com/andreybpanfilov/d8792484e13971982c0719ae59ab8c7cExploitThird Party Advisory
https://gist.github.com/andreybpanfilov/e0e60ae9d525a34cca04eb4c89a21e04ExploitThird Party Advisory

FAQ

What is CVE-2017-7220?

CVE-2017-7220 is a vulnerability with a CVSS score of 8.8 (HIGH). OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "R...

How severe is CVE-2017-7220?

CVE-2017-7220 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-7220?

Check the references section above for vendor advisories and patch information. Affected products include: Opentext Documentum Content Server.