CVE-2017-5586 is a critical remote command execution issue in OpenText Documentum D2 4.x. According to the official record, a remote attacker can execute arbitrary commands by sending a crafted serialized Java object, with references to BeanShell and Apache Commons Collections libraries. Because the issue is network-reachable, requires no privileges, and needs no user interaction, exposed D2 instances sho [truncated]
CVE-2017-5585 is a high-severity remote authenticated injection issue in OpenText Documentum Content Server 7.3 when PostgreSQL is used and return_top_results_row_based is set to false. According to the NVD record, improper restriction of DQL hints can let an authenticated attacker perform DQL injection and execute arbitrary DML or DDL commands through a crafted request. The CVE description also notes thi [truncated]
