Skip to main content

Documentum Content Server CVE-2023-31871

HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2023-05-18 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 18, 2023 - 17:15 nvd
HIGH 7.8

DescriptionNVD

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root.

AnalysisAI

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. Affected products include: Opentext Documentum Content Server. Version information: before 23.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.

CVE-2017-15012 HIGH POC
8.8 Oct 13

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the i

CVE-2017-15013 HIGH POC
8.8 Oct 13

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design ga

CVE-2017-15276 HIGH POC
8.8 Oct 13

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design ga

CVE-2017-7221 HIGH POC
8.8 Apr 25

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote aut

CVE-2017-5585 HIGH POC
8.8 Feb 22

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and re

CVE-2017-7220 HIGH POC
8.8 Apr 21

OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an

CVE-2015-4533 CRITICAL
9.0 Aug 20

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 d

CVE-2015-4534 CRITICAL
9.0 Aug 20

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 befo

CVE-2015-4532 CRITICAL
9.0 Aug 20

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 d

CVE-2014-4626 CRITICAL
9.0 Dec 17

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote a

CVE-2017-15014 MEDIUM POC
4.3 Oct 13

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design ga

CVE-2014-4629 CRITICAL
9.0 Dec 06

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read

Share

CVE-2023-31871 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy