21 matches found
CVE-2014-2513
OpenText/OpenText Documentum Content Server is affected (EMC Documentum Content Server) prior to versions 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06. The root cause is an inadequate authorization check in the dm_bp_transition docbase method, allowing remote authenticated ...
CVE-2011-4144
CVE-2011-4144 affects EMC Documentum Content Server (versions: 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, 6.6 before P02). It enables local users with sysadmin-level access to elevate to the highest superuser privileges. The issue is documented with a privilege-elevation vector via system a...
CVE-2015-4533
CVE-2015-4533 affects EMC Documentum Content Server (versions listed: 6.7SP1 P32 and earlier, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, 7.2 before P02). The issue: after object creation, authorization is not properly checked, allowing remote authenticated users to execute arbitrary code ...
CVE-2014-4622
EMC Documentum Content Server is affected by multiple privilege-escalation vulnerabilities (CVE-2014-4622, CVE-2015-4531/4532/4533/4534/4535/4536) across versions prior to 6.7SP1 P32, 6.7SP2 P25, 7.0 P19, 7.1 P16, and 7.2 P02. The root cause involves improper authorization checks for subgroups wi...
CVE-2015-4531
The CVE-2015-4531 issue affects EMC Documentum Content Server prior to the specified patches: 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02. Root cause is an incomplete fix for CVE-2014-4622, leading to improper authorization checks for subgroups of privileged ...
CVE-2015-4544
CVE-2015-4544 affects EMC Documentum Content Server. The issue is improper authorization checks on dm_job object access, allowing remote authenticated users to escalate to superuser privileges via crafted object operations. Affects Content Server prior to 7.1P20 and 7.2.x prior to 7.2P04; this st...
CVE-2014-2520
OpenText/OpenText Documentum Content Server is affected by CVE-2014-2520 in Oracle DB deployments, where the DQL engine fails to properly restrict DQL hints, enabling remote authenticated users to perform DQL injections and read sensitive data. Affected versions include EMC Documentum Content Ser...
CVE-2014-4626
EMC Documentum Content Server is affected by CVE-2014-4626, allowing remote authenticated users to escalate privileges via manipulation of dm_job objects or dm_job_request objects, potentially affecting 6.7 SP1 P29, 6.7 SP2 P18, 7.0 P16, and 7.1 P09. Root cause noted as an incomplete fix for CVE-...
CVE-2014-0642
The CVE-2014-0642 issue affects EMC Documentum Content Server and stems from improper authorization checks that let remote authenticated users read metadata outside restricted folders. Affected versions include 6.7 SP1 (before P26), 6.7 SP2 (before P13), 7.0 (before P13), and 7.1 (before P02). Th...
CVE-2015-4534
EMC Documentum Content Server’s Java Method Server (JMS) contains a vulnerability (CVE-2015-4534) where JMS fails to validate signatures for query strings missing the method_verb parameter, allowing remote authenticated users to forge signatures and execute arbitrary code in the JMS context. Affe...
CVE-2015-4532
CVE-2015-4532 affects EMC Documentum Content Server prior to specific service packs/patch levels (6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, 7.2 before P02). The root cause is insufficient authorization checks and lack of proper restriction of object types, enabling remote aut...
CVE-2014-2507
EMC Documentum Content Server is affected by CVE-2014-2507 (shell command injection). The vulnerability affects 6.7 SP1 before P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05, allowing remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to un...
CVE-2014-2508
CVE-2014-2508 affects EMC Documentum Content Server versions 6.7 SP1 P28, 6.7 SP2 P14, 7.0 P15, and 7.1 P05 and earlier, where an authenticated user can exploit DQL hints to perform DQL injection and bypass restrictions on database actions. The root cause is described as improper handling/validat...
CVE-2014-2514
CVE-2014-2514 affects EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06. The issue arises from improper authorization checks and insufficient restriction of object types, allowing remote authenticated users to run save RPC commands with super...
CVE-2014-4621
EMC Documentum Content Server is affected by CVE-2014-4621. The issue stems from improper authorization checks on subtypes of protected system types, allowing remote authenticated users to create system objects with super‑user privileges and bypass restrictions on data access and server actions. ...
CVE-2015-4535
CVE-2015-4535 affects EMC Documentum Content Server where Java Method Server (JMS) can be exploited when debug_trace is enabled to let remote authenticated users gain super-user privileges by reading a log containing a login ticket. This is part of a set of vulnerabilities in the ESA-2015-131 adv...
CVE-2014-2506
EMC Documentum Content Server (versions 6.7 SP1 P28, 6.7 SP2 P14, 7.0 before P15, 7.1 before P05) contains a privilege-escalation vulnerability (CVE-2014-2506) exploitable by remote authenticated users to create system objects with super-user privileges and bypass data access/server action restri...
CVE-2014-2521
CVE-2014-2521 affects EMC Documentum Content Server versions 6.7 SP2 P16 and 7.x prior to 7.1 P07. The vulnerability stems from improper authorization checks on certain RPC commands, allowing remote authenticated users to read sensitive object metadata. Impact is read access to metadata of unauth...
CVE-2014-4618
EMC Documentum Content Server vulnerability CVE-2014-4618 allows a remote authenticated user to gain higher privileges via a user-created system object due to improper authorization checks. Affected products/versions include EMC Documentum Content Server 6.7 SP2 P16 and 7.x before 7.1 P07. The is...
CVE-2014-4629
EMC Documentum Content Server is affected by an Insecure Direct Object Reference (IDOR) vulnerability (CVE-2014-4629) in versions 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19. The issue allows remote authenticated attackers to read or delete arbitrary files via unspecified vectors. Remediation...
CVE-2015-4536
Summary (CVE-2015-4536) EMC Documentum Content Server versions affected are 7.0 prior to P20, 7.1 prior to P18, and 7.2 prior to P02. When RPC tracing is enabled, obfuscated passwords of users with inline authentication are written to the log file in clear text, enabling a remote authenticated at...