CVE-2015-4533

2015-08-2010:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-4533

emc

documentum

content server

security

vulnerability

code execution

privileged access

8.7 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

76.5%

JSON

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.

CPENameOperatorVersion
emc:documentum_content_serveremc documentum content servereq6.7
emc:documentum_content_serveremc documentum content servereq7.0
emc:documentum_content_serveremc documentum content servereq7.2
emc:documentum_content_serveremc documentum content servereq7.1

CPE	Name	Operator	Version
emc:documentum_content_server	emc documentum content server	eq	6.7
emc:documentum_content_server	emc documentum content server	eq	7.0
emc:documentum_content_server	emc documentum content server	eq	7.2
emc:documentum_content_server	emc documentum content server	eq	7.1