Lucene search

DellCVE-2014-2506

HistoryJun 08, 2014 - 4:31 a.m.

CVE-2014-2506

2014-06-0804:31:53

CWE-264

dell

web.nvd.nist.gov

cve-2014-2506

emc documentum

content server

security vulnerability

data access

remote authentication

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.004

Percentile

74.2%

JSON

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.

Affected configurations

Nvd

Node

emcdocumentum_content_serverRange≤6.7sp1

emcdocumentum_content_serverMatch6.0

emcdocumentum_content_serverMatch6.5

emcdocumentum_content_serverMatch6.5sp1

emcdocumentum_content_serverMatch6.5sp2

emcdocumentum_content_serverMatch6.5sp3

emcdocumentum_content_serverMatch6.6

emcdocumentum_content_serverMatch6.7-

emcdocumentum_content_serverMatch6.7sp2

emcdocumentum_content_serverMatch7.0

emcdocumentum_content_serverMatch7.1

VendorProductVersionCPE
emcdocumentum_content_server*cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.0cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*
emcdocumentum_content_server6.6cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*
emcdocumentum_content_server7.0cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_content_server	*	cpe:2.3:a:emc:documentum_content_server::sp1::::::*
emc	documentum_content_server	6.0	cpe:2.3:a:emc:documentum_content_server:6.0:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp1::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp2::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp3::::::
emc	documentum_content_server	6.6	cpe:2.3:a:emc:documentum_content_server:6.6:::::::*
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:-::::::
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp2::::::
emc	documentum_content_server	7.0	cpe:2.3:a:emc:documentum_content_server:7.0:::::::*

Rows per page:

1-10 of 111

References

archives.neohapsis.com/archives/bugtraq/2014-06/0051.html

packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html

secunia.com/advisories/58954

www.securityfocus.com/archive/1/532596/100/0/threaded

www.securityfocus.com/bid/67917

www.securitytracker.com/id/1030339

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.004

Percentile

74.2%

JSON

Related for CVE-2014-2506