Lucene search

DellCVE-2014-2507

HistoryJun 08, 2014 - 4:31 a.m.

CVE-2014-2507

2014-06-0804:31:53

CWE-78

dell

web.nvd.nist.gov

emc

documentum

content server

remote code execution

cve-2014-2507

nvd

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.

Affected configurations

Nvd

Node

emcdocumentum_content_serverRange≤6.7sp1

emcdocumentum_content_serverMatch6.0

emcdocumentum_content_serverMatch6.5

emcdocumentum_content_serverMatch6.5sp1

emcdocumentum_content_serverMatch6.5sp2

emcdocumentum_content_serverMatch6.5sp3

emcdocumentum_content_serverMatch6.6

emcdocumentum_content_serverMatch6.7-

emcdocumentum_content_serverMatch6.7sp2

emcdocumentum_content_serverMatch7.0

emcdocumentum_content_serverMatch7.1

VendorProductVersionCPE
emcdocumentum_content_server*cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.0cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*
emcdocumentum_content_server6.6cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*
emcdocumentum_content_server7.0cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_content_server	*	cpe:2.3:a:emc:documentum_content_server::sp1::::::*
emc	documentum_content_server	6.0	cpe:2.3:a:emc:documentum_content_server:6.0:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp1::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp2::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp3::::::
emc	documentum_content_server	6.6	cpe:2.3:a:emc:documentum_content_server:6.6:::::::*
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:-::::::
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp2::::::
emc	documentum_content_server	7.0	cpe:2.3:a:emc:documentum_content_server:7.0:::::::*

Rows per page:

1-10 of 111

References

archives.neohapsis.com/archives/bugtraq/2014-06/0051.html

packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html

secunia.com/advisories/58954

www.securityfocus.com/archive/1/532596/100/0/threaded

www.securityfocus.com/bid/67916

www.securitytracker.com/id/1030339

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

Related for CVE-2014-2507