cvedb.io
CVE-2023-31871
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2023-05-18T17:15:08.957 · Last modified 2026-06-17T05:57:36.737

Summary

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root.

Affected products

opentext — documentum_content_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when opentext ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.