← back
CVE-2017-15012

CVE-2017-15012

EPSS 7.8%
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43003/unverifiedexploitdbwww.exploit-db.com/exploits/43003unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/bugtraq/2017/Oct/19https://www.exploit-db.com/exploits/43003/http://www.securityfocus.com/bid/101639