Lucene search

DellCVE-2014-4621

HistorySep 17, 2014 - 10:55 a.m.

CVE-2014-4621

2014-09-1710:55:07

CWE-264

dell

web.nvd.nist.gov

emc

documentum

content server

authorization

bypass

cve-2014-4621

nvd

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

70.8%

JSON

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.

Affected configurations

Nvd

Node

emcdocumentum_content_serverRange≤6.7sp2

emcdocumentum_content_serverMatch6.0

emcdocumentum_content_serverMatch6.5

emcdocumentum_content_serverMatch6.5sp1

emcdocumentum_content_serverMatch6.5sp2

emcdocumentum_content_serverMatch6.5sp3

emcdocumentum_content_serverMatch6.6

emcdocumentum_content_serverMatch6.7-

emcdocumentum_content_serverMatch6.7sp1

emcdocumentum_content_serverMatch7.0

emcdocumentum_content_serverMatch7.1

VendorProductVersionCPE
emcdocumentum_content_server*cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*
emcdocumentum_content_server6.0cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*
emcdocumentum_content_server6.6cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*
emcdocumentum_content_server7.0cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_content_server	*	cpe:2.3:a:emc:documentum_content_server::sp2::::::*
emc	documentum_content_server	6.0	cpe:2.3:a:emc:documentum_content_server:6.0:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp1::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp2::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp3::::::
emc	documentum_content_server	6.6	cpe:2.3:a:emc:documentum_content_server:6.6:::::::*
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:-::::::
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp1::::::
emc	documentum_content_server	7.0	cpe:2.3:a:emc:documentum_content_server:7.0:::::::*

Rows per page:

1-10 of 111

References

archives.neohapsis.com/archives/bugtraq/2014-09/0093.html

secunia.com/advisories/61251

www.securityfocus.com/bid/69817

www.securitytracker.com/id/1030855

exchange.xforce.ibmcloud.com/vulnerabilities/95989

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

70.8%

JSON

Related for CVE-2014-4621