Open Source and information security mailing list archives
Date: Wed, 19 Apr 2017 23:18:49 +1000
From: "Andrey B. Panfilov" <>
To: "''" <>
Subject: CVE-2017-7220. OpenText Documentum Content Server: privilege
 evaluation using crafted RPC save-commands.

CVE Identifier: CVE-2017-7220
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available


Initially this vulnerability was discovered in 2013 and was tracked by CERT/CC as VRF#HUFG9EBA (, the vendor had undertaken a couple of attempts to remediate the security flaw (see CVE-2014-2514 and for complete description), but all of them were wrong. The issue still persists in all versions of Documentum Content Server.

Andrey B. Panfilov

View attachment "" of type "text/x-python-script" (2956 bytes)

View attachment "" of type "text/x-python-script" (2949 bytes)
