CVE-2017-7220

Name of the Vulnerable Software and Affected Versions OpenText Documentum Content Server (affected versions not specified)

Description The issue allows superuser access via sys obj save or save of a crafted object, followed by an unauthorized "UPDATE dm dbo.dm user s SET user privileges=16" command, also referred to as an "RPC save-commands" attack. This is due to an incomplete fix for a previous issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.