CVE-2014-2518

Published Aug 20, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:emc:digital_assets_manager:6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C8B2F44-0C11-4C5F-A9BF-370B2200C02C"
          },
          {
            "criteria": "cpe:2.3:a:emc:digital_assets_manager:6.5:sp5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F9563AE-98CF-47FE-BD6F-DE6A16FCE9F3"
          },
          {
            "criteria": "cpe:2.3:a:emc:digital_assets_manager:6.5:sp6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3E8924B-2D5F-4C58-A52E-98D7EC559484"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1008C754-6E61-438A-908E-A8B26E049707"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBA794FE-5435-4657-B064-C4431D22A575"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B0AED45-805C-4AE2-A12C-11F8710A7F06"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21F2EF8-62DD-4EB2-8395-16D243E83E21"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C2C8EC9-1FC3-4527-A77C-279F718075EB"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42FD2B6A-3F23-415A-BF2B-32702EAD5BB5"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3351A120-41F6-4C4C-94AD-4AF607D7837E"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B004E9E-0316-41C5-B299-E90C86CA6492"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625"
          },
          {
            "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE"
          },
          {
            "criteria": "cpe:2.3:a:emc:engineering_plant_facilities_management_solution_for_documentum:1.7:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09A02ABE-068E-4916-874A-56E8C7714E51"
          },
          {
            "criteria": "cpe:2.3:a:emc:task_space:6.7:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6953B52A-612A-4C25-B3BA-B633C011BE3B"
          },
          {
            "criteria": "cpe:2.3:a:emc:task_space:6.7:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73A6B036-80E3-4714-B9D4-CFA6E03A32B5"
          },
          {
            "criteria": "cpe:2.3:a:emc:web_publishers:6.5:sp6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7543EDA8-0F65-4099-AB80-D98685B11F8B"
          },
          {
            "criteria": "cpe:2.3:a:emc:web_publishers:6.5:sp7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "967D249D-CC16-4F33-B4C6-3F096C410D1B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References