- Description
- EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
- Source
- security_alert@emc.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356",
"versionEndIncluding": "6.7"
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F"
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA"
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818"
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4"
}
],
"operator": "OR"
}
]
}
]