CVE-2014-4622

2014-09-1710:55:07

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

70.8%

JSON

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.

Affected configurations

Nvd

Node

emcdocumentum_content_serverRange≤6.7sp2

emcdocumentum_content_serverMatch6.0

emcdocumentum_content_serverMatch6.5

emcdocumentum_content_serverMatch6.5sp1

emcdocumentum_content_serverMatch6.5sp2

emcdocumentum_content_serverMatch6.5sp3

emcdocumentum_content_serverMatch6.6

emcdocumentum_content_serverMatch6.7-

emcdocumentum_content_serverMatch6.7sp1

emcdocumentum_content_serverMatch7.0

emcdocumentum_content_serverMatch7.1

VendorProductVersionCPE
emcdocumentum_content_server*cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*
emcdocumentum_content_server6.0cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*
emcdocumentum_content_server6.6cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*
emcdocumentum_content_server7.0cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_content_server	*	cpe:2.3:a:emc:documentum_content_server::sp2::::::*
emc	documentum_content_server	6.0	cpe:2.3:a:emc:documentum_content_server:6.0:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp1::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp2::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp3::::::
emc	documentum_content_server	6.6	cpe:2.3:a:emc:documentum_content_server:6.6:::::::*
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:-::::::
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp1::::::
emc	documentum_content_server	7.0	cpe:2.3:a:emc:documentum_content_server:7.0:::::::*