Opentext Documentum Content Server File Hijack / Privilege Escalation

Discussion in 'News Aggregator' started by Packet Storm, 15 Oct 2017.

  1. Packet Storm

    Packet Storm Guest

    Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command which allows any authenticated user to hijack arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive this security flaw leads to privilege escalation.

    Continue reading...
     
    #1 Packet Storm, 15 Oct 2017
(You must log in or sign up to post here.)

Share This Page

Loading...