CVE-2014-0629

2014-03-0611:55:05

CWE-264

dell

web.nvd.nist.gov

cve-2014-0629

emc documentum

taskspace

tsp

security vulnerability

sensitive information

remote authenticated users

privilege escalation

nvd

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.002

Percentile

56.6%

JSON

EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.

Affected configurations

Nvd

Node

emcdocumentum_taskspaceMatch6.7sp1

emcdocumentum_taskspaceMatch6.7sp2

VendorProductVersionCPE
emcdocumentum_taskspace6.7cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*
emcdocumentum_taskspace6.7cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_taskspace	6.7	cpe:2.3:a:emc:documentum_taskspace:6.7:sp1::::::
emc	documentum_taskspace	6.7	cpe:2.3:a:emc:documentum_taskspace:6.7:sp2::::::