CVE-2017-15276

Name of the Vulnerable Software and Affected Versions OpenText Documentum Content Server versions through 7.3

Description The issue allows an authenticated user to gain superuser privileges due to a design gap in the Content Server. This gap enables uploading content using batches, specifically TAR archives. When Content Server unpacks these archives, it fails to verify their contents, leading to a path traversal vulnerability via symlinks. Since some files on the Content Server filesystem are security-sensitive, this vulnerability results in privilege escalation.

Recommendations For versions through 7.3, consider restricting access to the TAR archive upload feature to minimize the risk of exploitation until a patch is available. As a temporary workaround, implement additional validation on the contents of uploaded TAR archives to prevent path traversal attacks.