CVE-2017-5586

Опубликовано: 22 фев. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.

Ссылки

http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/96216
https://www.exploit-db.com/exploits/41366/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/96216
https://www.exploit-db.com/exploits/41366/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:opentext:documentum_d2:4.0:*:*:*:*:*:*:*

cpe:2.3:a:opentext:documentum_d2:4.1:*:*:*:*:*:*:*

cpe:2.3:a:opentext:documentum_d2:4.2:*:*:*:*:*:*:*

cpe:2.3:a:opentext:documentum_d2:4.3:*:*:*:*:*:*:*

cpe:2.3:a:opentext:documentum_d2:4.4:*:*:*:*:*:*:*

cpe:2.3:a:opentext:documentum_d2:4.5:*:*:*:*:*:*:*

cpe:2.3:a:opentext:documentum_d2:4.6:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.35327

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-42xq-c5pj-29x5