CVE-2017-15014

Name of the Vulnerable Software and Affected Versions OpenText Documentum Content Server (formerly EMC Documentum Content Server) versions through 7.3

Description The issue allows authenticated users to download arbitrary content files, regardless of their repository permissions, due to a design gap in the content upload process. This process involves several steps, including calling the START PUSH RPC-command, uploading the file, calling the END PUSH V2 RPC-command to receive a DATA TICKET, and creating a dmr content object with the received DATA TICKET value. As a result, any authenticated user can create a dmr content object pointing to existing content in the Content Server filesystem.

Recommendations For OpenText Documentum Content Server versions through 7.3, consider restricting access to the RPC-commands, specifically START PUSH and END PUSH V2, to prevent unauthorized users from uploading and linking to arbitrary content files. Additionally, restrict the ability to create dmr content objects to only those users who have the necessary permissions to access the content they are linking to. At the moment, there is no information about a newer version that contains a fix for this vulnerability.