CVE-2014-4622

2014-09-1710:55:00

CWE-264

[email protected]

web.nvd.nist.gov

emc

documentum

content server

security

authorization

vulnerability

cve-2014-4622

nvd

data access

server actions

remote authentication

6.4 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.4%

JSON

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.

CPENameOperatorVersion
emc:documentum_content_serveremc documentum content servereq6.7
emc:documentum_content_serveremc documentum content servereq7.0
emc:documentum_content_serveremc documentum content servereq6.0
emc:documentum_content_serveremc documentum content servereq6.5
emc:documentum_content_serveremc documentum content servereq6.6
emc:documentum_content_serveremc documentum content servereq7.1

CPE	Name	Operator	Version
emc:documentum_content_server	emc documentum content server	eq	6.7
emc:documentum_content_server	emc documentum content server	eq	7.0
emc:documentum_content_server	emc documentum content server	eq	6.0
emc:documentum_content_server	emc documentum content server	eq	6.5
emc:documentum_content_server	emc documentum content server	eq	6.6
emc:documentum_content_server	emc documentum content server	eq	7.1