CVE-2014-4629

2014-12-0615:59:01

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

70.8%

JSON

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.

Affected configurations

Nvd

Node

emcdocumentum_content_serverMatch6.7

emcdocumentum_content_serverMatch6.7sp1

emcdocumentum_content_serverMatch6.7sp2

emcdocumentum_content_serverMatch7.0

emcdocumentum_content_serverMatch7.1

VendorProductVersionCPE
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:*:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*
emcdocumentum_content_server7.0cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*
emcdocumentum_content_server7.1cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:::::::*
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp1::::::
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp2::::::
emc	documentum_content_server	7.0	cpe:2.3:a:emc:documentum_content_server:7.0:::::::*
emc	documentum_content_server	7.1	cpe:2.3:a:emc:documentum_content_server:7.1:::::::*