OpenText Documentum Content Server version 7.3 suffers from a remote SQL injection vulnerability due to a previously announced fix being incomplete.
ace149b822a50c7993d6f686c8031fafa0ff63437d3e979c07952eb853919ff7
EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);
8519416c566585987d0c1b89564e5ddbeb78d80955a30917dd2386336520cb34