CVE-2014-2513

2014-07-0811:06:00

CWE-20

[email protected]

web.nvd.nist.gov

emc documentum

content server

cve-2014-2513

privilege escalation

security vulnerability

8.5 High

AI Score

Confidence

High

8.2 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:C/I:C/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.

CPENameOperatorVersion
emc:documentum_content_serveremc documentum content servereq6.7
emc:documentum_content_serveremc documentum content servereq7.0
emc:documentum_content_serveremc documentum content servereq7.1

CPE	Name	Operator	Version
emc:documentum_content_server	emc documentum content server	eq	6.7
emc:documentum_content_server	emc documentum content server	eq	7.0
emc:documentum_content_server	emc documentum content server	eq	7.1