CVE-2015-4533

2015-08-2010:59:15

CWE-264

dell

web.nvd.nist.gov

cve-2015-4533

emc

documentum

content server

security

vulnerability

code execution

privileged access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

8.7

Confidence

High

EPSS

0.009

Percentile

82.9%

JSON

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.

Affected configurations

Nvd

Node

emcdocumentum_content_serverMatch6.7sp1

emcdocumentum_content_serverMatch6.7sp2

emcdocumentum_content_serverMatch7.0

emcdocumentum_content_serverMatch7.1

emcdocumentum_content_serverMatch7.2

VendorProductVersionCPE
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*
emcdocumentum_content_server7.0cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*
emcdocumentum_content_server7.1cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*
emcdocumentum_content_server7.2cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp1::::::
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp2::::::
emc	documentum_content_server	7.0	cpe:2.3:a:emc:documentum_content_server:7.0:::::::*
emc	documentum_content_server	7.1	cpe:2.3:a:emc:documentum_content_server:7.1:::::::*
emc	documentum_content_server	7.2	cpe:2.3:a:emc:documentum_content_server:7.2:::::::*