CVSS2 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS Percentile: 82.9%

EMC Documentum products including Content Server, D2, and Web Development Kit (WDK) contain multiple vulnerabilities.
EMC Documentum Content Server, D2, and WDK contain numerous vulnerabilities of varying impact. For details, view our spreadsheet. For status from the vendor, please visit <https://support.emc.com/docu38558> (requires EMC Online Support credentials). Search by CVE ID and/or ESA ID referenced in the spreadsheet.
The CVSS score below reflects use of backdoor credentials (see VU#184360, VU#695112, and VU#982432 in the spreadsheet).
The severity of impact varies. Specific examples include information disclosure, privilege escalation, authentication bypass, arbitrary code execution, shell command injection, and unauthorized access via backdoor credentials. Worst-case scenarios allow an attacker to take complete control of a vulnerable system.
Apply an update
EMC has released updates to address many of the issues in question. For information about specific updates, including discussion about their effectiveness, refer to the spreadsheet.
315340
Notified: April 25, 2014 Updated: December 16, 2014
Statement Date: December 16, 2014
Affected
EMC has been working with CERT on the issues announced in their recent advisory. We have released updates to address many of the issues in question and are investigating others. We will continue to create our remediation plans for open vulnerabilities and provide remedies via security advisories. We encourage our customers to refer to <http://support.emc.com> for the latest EMC Security Advisories: <https://support.emc.com/docu38558> and follow the steps identified in them to protect themselves. Please contact EMC Support for all other questions.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 9 | E:POC/RL:ND/RC:C |
Environmental | 6.7 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Andrey B. Panfilov for reporting these vulnerabilities.
This document was written by Joel Land.
Field | Value |
---|---|
CVE IDs | CVE-2014-2520, CVE-2014-2518, CVE-2014-4622, CVE-2014-2514, CVE-2014-2507, CVE-2014-2513, CVE-2014-4618, CVE-2014-4626, CVE-2014-2515, CVE-2014-2504, CVE-2014-4629 |
Date Public | 2014-12-15 |
Date First Published | |