CVE-2014-2504

2014-05-2600:25:31

CWE-264

dell

web.nvd.nist.gov

cve-2014-2504

emc documentum

access restriction bypass

dql

query execution

remote authenticated users

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.003

Percentile

68.7%

JSON

EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.

Affected configurations

Nvd

Node

emcdocumentum_d2Match3.1-

emcdocumentum_d2Match3.1sp1

emcdocumentum_d2Match4.0

emcdocumentum_d2Match4.1

emcdocumentum_d2Match4.2

VendorProductVersionCPE
emcdocumentum_d23.1cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*
emcdocumentum_d23.1cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*
emcdocumentum_d24.0cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*
emcdocumentum_d24.1cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
emcdocumentum_d24.2cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_d2	3.1	cpe:2.3:a:emc:documentum_d2:3.1:-::::::
emc	documentum_d2	3.1	cpe:2.3:a:emc:documentum_d2:3.1:sp1::::::
emc	documentum_d2	4.0	cpe:2.3:a:emc:documentum_d2:4.0:::::::*
emc	documentum_d2	4.1	cpe:2.3:a:emc:documentum_d2:4.1:::::::*
emc	documentum_d2	4.2	cpe:2.3:a:emc:documentum_d2:4.2:::::::*