Vulnerabilities > Opentext > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-21 CVE-2017-7220 Improper Input Validation vulnerability in Opentext Documentum Content Server
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack.
network
low complexity
opentext CWE-20
8.8
8.8
2017-02-22 CVE-2017-5585 Injection vulnerability in Opentext Documentum Content Server 7.3
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request.
network
low complexity
opentext CWE-74
8.8
8.8