CVE-2017-15013

HIGH

OpenText Documentum Content Server < 7.3 - Authenticated Privilege Escalation via dmr_content Object Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15013. PoCs published by Andrey B. Panfilov.

AI-analyzed exploit summary: This exploit leverages a design gap in OpenText Documentum Content Server to escalate privileges by modifying dmr_content objects associated with dm_method objects, allowing an authenticated user to gain superuser privileges.

Description

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.

Exploits (1)

exploitdb WORKING POC
by Andrey B. Panfilov · python · webapps · multiple
https://www.exploit-db.com/exploits/43004

Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: OpenText Documentum Content Server (formerly EMC Documentum Content Server) versions before 7.2P02
Auth required
Prerequisites: Authenticated user access to the Documentum Content Server · Presence of a dm_method object with content
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43004/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101639
Mailing List, Third Party Advisory, VDB Entry x_refsource_misc
http://seclists.org/bugtraq/2017/Oct/19

Scores

CVSS v3 8.8
EPSS 0.0664
EPSS Percentile 93.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (1)
opentext/documentum_content_server < 7.3
Published Oct 13, 2017
Tracked Since Feb 18, 2026