CVE-2017-15013

Name of the Vulnerable Software and Affected Versions OpenText Documentum Content Server versions through 7.3

Description The issue allows an authenticated user to gain superuser privileges by exploiting a design gap in how Content Server stores and manages information about uploaded files in dmr content objects. These objects are queryable and can be modified by authenticated users, who can delete a dmr content object and then create a new one with the same identifier. This capability enables any authenticated user to replace the content of security-sensitive dmr content objects, such as those related to dm method objects, thereby gaining superuser privileges.

Recommendations For OpenText Documentum Content Server versions through 7.3, consider restricting access to dmr content objects to prevent authenticated users from modifying security-sensitive content, and limit the ability to delete and recreate dmr content objects with the same identifier. As a temporary workaround, consider implementing strict access controls on dmr content objects related to dm method objects to minimize the risk of exploitation.