PT-2017-16592 · Opentext+1 · Opentext Documentum Content Server+1

Published: 2017-02-22 · Updated: 2017-03-02 · CVE-2017-5585

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenText Documentum Content Server version 7.3

Description: The issue allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. It is caused by improper restriction of DQL hints when the PostgreSQL Database is used and the return_top_results_row_based config option is false.

Recommendations: For OpenText Documentum Content Server version 7.3, set the return_top_results_row_based config option to true to mitigate the risk of DQL injection attacks. Additionally, consider restricting access to the DQL functionality until a more comprehensive fix is available.

Exploit

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2017-5585

Affected Products

OpenText Documentum Content Server
PostgreSQL Database