CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
70.8%
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object’s owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
Vendor | Product | Version | CPE |
---|---|---|---|
emc | documentum_content_server | * | cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:* |
emc | documentum_content_server | 6.7 | cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:* |
emc | documentum_content_server | 6.7 | cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:* |
emc | documentum_content_server | 7.0 | cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:* |
emc | documentum_content_server | 7.1 | cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:* |