CVE-2014-0629

2014-03-0611:55:05

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

5.9

Confidence

Low

EPSS

0.002

Percentile

56.6%

JSON

EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.

Affected configurations

Nvd

Node

emcdocumentum_taskspaceMatch6.7sp1

emcdocumentum_taskspaceMatch6.7sp2

VendorProductVersionCPE
emcdocumentum_taskspace6.7cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*
emcdocumentum_taskspace6.7cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_taskspace	6.7	cpe:2.3:a:emc:documentum_taskspace:6.7:sp1::::::
emc	documentum_taskspace	6.7	cpe:2.3:a:emc:documentum_taskspace:6.7:sp2::::::