Skip to main content

Documentum Content Server

28 CVEs product

Monthly

CVE-2023-31871 HIGH POC This Week

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Documentum Content Server
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-15276 HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Privilege Escalation Documentum Content Server
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.6%
CVE-2017-15014 MEDIUM POC This Month

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Documentum Content Server
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
4.3%
CVE-2017-15013 HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Documentum Content Server
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.4%
CVE-2017-15012 HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Documentum Content Server
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.1%
CVE-2017-7221 HIGH POC This Week

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Documentum Content Server
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-7220 HIGH POC This Week

OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Documentum Content Server
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-5585 HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PostgreSQL Documentum Content Server
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2015-4544 CRITICAL Act Now

EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2015-4536 LOW Monitor

EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Documentum Content Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-4535 HIGH This Week

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Java Documentum Content Server
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-4534 CRITICAL Act Now

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Java Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
2.3%
CVE-2015-4533 CRITICAL Act Now

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
3.3%
CVE-2015-4532 CRITICAL Act Now

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
2.2%
CVE-2015-4531 CRITICAL Act Now

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
0.3%
CVE-2014-4626 CRITICAL Act Now

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
1.2%
CVE-2014-4629 CRITICAL Act Now

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
0.7%
CVE-2014-4622 HIGH This Week

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-4621 HIGH This Week

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
8.5
EPSS
0.7%
CVE-2014-4618 HIGH This Week

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
8.5
EPSS
1.0%
CVE-2014-2521 MEDIUM This Month

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Documentum Content Server
NVD
CVSS 2.0
6.3
EPSS
0.4%
CVE-2014-2520 MEDIUM This Month

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Oracle Documentum Content Server
NVD
CVSS 2.0
6.3
EPSS
0.4%
CVE-2014-2514 HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

RCE Documentum Content Server
NVD
CVSS 2.0
8.2
EPSS
2.2%
CVE-2014-2513 HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

RCE Documentum Content Server
NVD
CVSS 2.0
8.2
EPSS
1.0%
CVE-2014-2508 HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Documentum Content Server
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-2507 HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Documentum Content Server
NVD
CVSS 2.0
8.5
EPSS
1.7%
CVE-2014-2506 HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
8.5
EPSS
1.0%
CVE-2014-0642 MEDIUM This Month

EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD VulDB
CVSS 2.0
5.5
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH POC This Week

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Documentum Content Server
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Privilege Escalation Documentum Content Server
NVD Exploit-DB
EPSS 4% CVSS 4.3
MEDIUM POC This Month

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Documentum Content Server
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Documentum Content Server
NVD Exploit-DB
EPSS 4% CVSS 8.8
HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Documentum Content Server
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC This Week

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Documentum Content Server
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Documentum Content Server
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PostgreSQL Documentum Content Server
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
EPSS 0% CVSS 3.5
LOW Monitor

EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Documentum Content Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Java Documentum Content Server
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Java Documentum Content Server
NVD
EPSS 3% CVSS 9.0
CRITICAL Act Now

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Documentum Content Server
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Documentum Content Server
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
EPSS 0% CVSS 7.1
HIGH This Week

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
EPSS 1% CVSS 8.5
HIGH This Week

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
EPSS 1% CVSS 8.5
HIGH This Week

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Documentum Content Server
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Oracle Documentum Content Server
NVD
EPSS 2% CVSS 8.2
HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

RCE Documentum Content Server
NVD
EPSS 1% CVSS 8.2
HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

RCE Documentum Content Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Documentum Content Server
NVD
EPSS 2% CVSS 8.5
HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Documentum Content Server
NVD
EPSS 1% CVSS 8.5
HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy