Lucene search

DellCVE-2015-4524

HistoryJul 04, 2015 - 2:59 p.m.

CVE-2015-4524

2015-07-0414:59:01

CWE-434

dell

web.nvd.nist.gov

vulnerability

emc documentum

webtop

file upload

remote code execution

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.002

Percentile

56.5%

JSON

Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.

Affected configurations

Nvd

Node

emcdocumentum_administratorMatch6.7sp1

emcdocumentum_administratorMatch6.7sp2

emcdocumentum_administratorMatch7.0

emcdocumentum_administratorMatch7.1

emcdocumentum_administratorMatch7.2

emcdocumentum_digital_asset_managerMatch6.5sp6

emcdocumentum_taskspaceMatch6.7sp1

emcdocumentum_taskspaceMatch6.7sp2

emcdocumentum_web_publisherMatch6.5sp7

emcdocumentum_webtopMatch6.7sp1

emcdocumentum_webtopMatch6.7sp2

emcdocumentum_webtopMatch6.8

VendorProductVersionCPE
emcdocumentum_administrator6.7cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*
emcdocumentum_administrator6.7cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*
emcdocumentum_administrator7.0cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*
emcdocumentum_administrator7.1cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*
emcdocumentum_administrator7.2cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*
emcdocumentum_digital_asset_manager6.5cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*
emcdocumentum_taskspace6.7cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*
emcdocumentum_taskspace6.7cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*
emcdocumentum_web_publisher6.5cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*
emcdocumentum_webtop6.7cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_administrator	6.7	cpe:2.3:a:emc:documentum_administrator:6.7:sp1::::::
emc	documentum_administrator	6.7	cpe:2.3:a:emc:documentum_administrator:6.7:sp2::::::
emc	documentum_administrator	7.0	cpe:2.3:a:emc:documentum_administrator:7.0:::::::*
emc	documentum_administrator	7.1	cpe:2.3:a:emc:documentum_administrator:7.1:::::::*
emc	documentum_administrator	7.2	cpe:2.3:a:emc:documentum_administrator:7.2:::::::*
emc	documentum_digital_asset_manager	6.5	cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6::::::
emc	documentum_taskspace	6.7	cpe:2.3:a:emc:documentum_taskspace:6.7:sp1::::::
emc	documentum_taskspace	6.7	cpe:2.3:a:emc:documentum_taskspace:6.7:sp2::::::
emc	documentum_web_publisher	6.5	cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7::::::
emc	documentum_webtop	6.7	cpe:2.3:a:emc:documentum_webtop:6.7:sp1::::::

Rows per page:

1-10 of 121

References

seclists.org/bugtraq/2015/Jul/9

www.securitytracker.com/id/1032770

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.002

Percentile

56.5%

JSON

Related for CVE-2015-4524