CVE-2017-5586
Published Feb 22, 2017
Last updated 8 years ago
Overview
- Description
- OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:documentum_d2:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4667B360-FF26-4F2B-86EA-106ACA727B28"
},
{
"criteria": "cpe:2.3:a:opentext:documentum_d2:4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "908D9F8A-87D7-46A0-BA8E-B7CA4A7808F9"
},
{
"criteria": "cpe:2.3:a:opentext:documentum_d2:4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A08F926-B628-45B2-A745-758F7E5E3217"
},
{
"criteria": "cpe:2.3:a:opentext:documentum_d2:4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7ED28126-775B-4DFD-92B1-38E70CABCF63"
},
{
"criteria": "cpe:2.3:a:opentext:documentum_d2:4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EAB00B8A-6E66-4E6D-9182-B3BC94B47E44"
},
{
"criteria": "cpe:2.3:a:opentext:documentum_d2:4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8E54DC3-7B37-43EF-B355-9CD4AF1F778D"
},
{
"criteria": "cpe:2.3:a:opentext:documentum_d2:4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89FDA5A9-1028-47BE-9190-0B7095C6441C"
}
],
"operator": "OR"
}
]
}
]