CVE-2014-2515

2014-08-2011:17:13

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

70.8%

JSON

EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Affected configurations

Nvd

Node

emcdocumentum_d2Match3.1-

emcdocumentum_d2Match3.1sp1

emcdocumentum_d2Match4.0

emcdocumentum_d2Match4.1

emcdocumentum_d2Match4.2

VendorProductVersionCPE
emcdocumentum_d23.1cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*
emcdocumentum_d23.1cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*
emcdocumentum_d24.0cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*
emcdocumentum_d24.1cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
emcdocumentum_d24.2cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_d2	3.1	cpe:2.3:a:emc:documentum_d2:3.1:-::::::
emc	documentum_d2	3.1	cpe:2.3:a:emc:documentum_d2:3.1:sp1::::::
emc	documentum_d2	4.0	cpe:2.3:a:emc:documentum_d2:4.0:::::::*
emc	documentum_d2	4.1	cpe:2.3:a:emc:documentum_d2:4.1:::::::*
emc	documentum_d2	4.2	cpe:2.3:a:emc:documentum_d2:4.2:::::::*