OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. This code is a proof of concept exploit.
075e41464f5a5b594ef398cfbdc839e338020d08e61a4d818296c681db42b4d7
The fix for the EMC Documentum Content Server vulnerability as highlighted in CVE-2014-2513 appears to be partial and still exploitable via slightly modified means.
e93c2829969b19c504cd3f1c57ed73580f7207de2859d1e952e49e3a60186fc8
EMC Documentum Content Server contains fixes for privilege escalation vulnerabilities that could be potentially exploited by malicious users to compromise the affected system.
f325a3ed2f21489039f40780cda08a8b95fc127428b6d92df13bc26359e58257