Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveDellCVE-2014-4626
HistoryDec 17, 2014 - 1:59 a.m.

CVE-2014-4626

2014-12-1701:59:00
CWE-264
dell
web.nvd.nist.gov
33
emc
documentum
content server
remote
authenticated
privilege escalation
cve-2014-4626
esa-2014-105
nvd

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

70.8%

JSON

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object’s owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.

Affected configurations

Nvd
Node
emcdocumentum_content_serverRange6.7sp1
OR
emcdocumentum_content_serverMatch6.7-
OR
emcdocumentum_content_serverMatch6.7sp2
OR
emcdocumentum_content_serverMatch7.0
OR
emcdocumentum_content_serverMatch7.1
VendorProductVersionCPE
emcdocumentum_content_server*cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*
emcdocumentum_content_server7.0cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*
emcdocumentum_content_server7.1cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*

Related

prion 3
cvelist 3
nvd 3
securityvulns 4
cve 2
nessus 1
cert 1
prion
prion
Command injection
2014-12-17 01:59:00
Authorization
2015-09-04 01:59:00
Design/Logic Flaw
2014-08-20 11:17:00
cvelist
cvelist
CVE-2014-4626
2014-12-17 01:00:00
CVE-2015-4544
2015-09-04 01:00:00
CVE-2014-2515
2014-08-20 10:00:00
nvd
nvd
CVE-2014-4626
2014-12-17 01:59:00
CVE-2015-4544
2015-09-04 01:59:01
CVE-2014-2515
2014-08-20 11:17:13
securityvulns
securityvulns
Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects
2015-07-05 00:00:00
ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability
2015-09-14 00:00:00
ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability
2014-08-26 00:00:00
cve
cve
CVE-2015-4544
2015-09-04 01:59:01
CVE-2014-2515
2014-08-20 11:17:13
nessus
nessus
EMC Documentum D2 Privilege Escalation (ESA-2014-067)
2014-08-21 00:00:00
cert
cert
EMC Documentum products contain multiple vulnerabilities
2014-12-15 00:00:00

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

70.8%

JSON
Related for CVE-2014-4626
prion3cvelist3nvd3securityvulns4cve2nessus1cert1