CVE-2014-2514

2014-07-0811:06:01

CWE-20

dell

web.nvd.nist.gov

emc

documentum content server

authorization

bypass

cve-2014-2514

remote code execution

nvd

CVSS2

8.2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:C/I:C/A:P

AI Score

7.1

Confidence

Low

EPSS

0.009

Percentile

82.9%

JSON

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.

Affected configurations

Nvd

Node

emcdocumentum_content_serverRange≤6.7sp1

emcdocumentum_content_serverMatch6.7-

emcdocumentum_content_serverMatch6.7sp2

emcdocumentum_content_serverMatch7.0

emcdocumentum_content_serverMatch7.1

VendorProductVersionCPE
emcdocumentum_content_server*cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*
emcdocumentum_content_server7.0cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*
emcdocumentum_content_server7.1cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_content_server	*	cpe:2.3:a:emc:documentum_content_server::sp1::::::*
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:-::::::
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp2::::::
emc	documentum_content_server	7.0	cpe:2.3:a:emc:documentum_content_server:7.0:::::::*
emc	documentum_content_server	7.1	cpe:2.3:a:emc:documentum_content_server:7.1:::::::*