Vulnerabilites related to emc - documentum_content_server
cve-2014-4618
Vulnerability from cvelistv5
Published
2014-08-20 10:00
Modified
2024-08-06 11:20
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95368 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1030743 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/69273 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/533162/30/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/60571 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "emc-documentum-cve20144618-code-exec(95368)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95368"
},
{
"name": "1030743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "69273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69273"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60571"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "emc-documentum-cve20144618-code-exec(95368)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95368"
},
{
"name": "1030743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "69273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69273"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60571"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "emc-documentum-cve20144618-code-exec(95368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95368"
},
{
"name": "1030743",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "69273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69273"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60571"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4618",
"datePublished": "2014-08-20T10:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2513
Vulnerability from cvelistv5
Published
2014-07-08 10:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030529 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/59757 | third-party-advisory, x_refsource_SECUNIA | |
| http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/68435 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030529",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030529"
},
{
"name": "59757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59757"
},
{
"name": "20140707 ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
},
{
"name": "68435",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-05T14:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1030529",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030529"
},
{
"name": "59757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59757"
},
{
"name": "20140707 ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
},
{
"name": "68435",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68435"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030529",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030529"
},
{
"name": "59757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59757"
},
{
"name": "20140707 ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
},
{
"name": "68435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68435"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2513",
"datePublished": "2014-07-08T10:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4144
Vulnerability from cvelistv5
Published
2012-02-02 02:00
Modified
2024-09-17 02:36
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2012-02/0005.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120201 ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain \"highest super user privileges\" by leveraging system administrator privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-02T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120201 ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain \"highest super user privileges\" by leveraging system administrator privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120201 ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4144",
"datePublished": "2012-02-02T02:00:00Z",
"dateReserved": "2011-10-19T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:39.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4621
Vulnerability from cvelistv5
Published
2014-09-17 10:00
Modified
2024-08-06 11:20
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/61251 | third-party-advisory, x_refsource_SECUNIA | |
| http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95989 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/69817 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1030855 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61251"
},
{
"name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"name": "emc-documentum-cve20144621-priv-esc(95989)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95989"
},
{
"name": "69817",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69817"
},
{
"name": "1030855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "61251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61251"
},
{
"name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"name": "emc-documentum-cve20144621-priv-esc(95989)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95989"
},
{
"name": "69817",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69817"
},
{
"name": "1030855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030855"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61251"
},
{
"name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"name": "emc-documentum-cve20144621-priv-esc(95989)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95989"
},
{
"name": "69817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69817"
},
{
"name": "1030855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030855"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4621",
"datePublished": "2014-09-17T10:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4533
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033296 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Aug/86 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/76411 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1033296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4533",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4629
Vulnerability from cvelistv5
Published
2014-12-06 15:00
Modified
2024-08-06 11:20
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/534135/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1031298 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/71422 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99085 | vdb-entry, x_refsource_XF | |
| http://packetstormsecurity.com/files/129376/EMC-Documentum-Content-Server-Insecure-Direct-Object-Reference.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:27.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141202 ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534135/100/0/threaded"
},
{
"name": "1031298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031298"
},
{
"name": "71422",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71422"
},
{
"name": "emc-documentum-cve20144629-priv-esc(99085)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99085"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129376/EMC-Documentum-Content-Server-Insecure-Direct-Object-Reference.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20141202 ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534135/100/0/threaded"
},
{
"name": "1031298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031298"
},
{
"name": "71422",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71422"
},
{
"name": "emc-documentum-cve20144629-priv-esc(99085)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99085"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129376/EMC-Documentum-Content-Server-Insecure-Direct-Object-Reference.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141202 ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534135/100/0/threaded"
},
{
"name": "1031298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031298"
},
{
"name": "71422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71422"
},
{
"name": "emc-documentum-cve20144629-priv-esc(99085)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99085"
},
{
"name": "http://packetstormsecurity.com/files/129376/EMC-Documentum-Content-Server-Insecure-Direct-Object-Reference.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129376/EMC-Documentum-Content-Server-Insecure-Direct-Object-Reference.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4629",
"datePublished": "2014-12-06T15:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:27.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4534
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033296 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Aug/86 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/76410 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1033296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4534",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4535
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033296 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Aug/86 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/76409 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76409",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1033296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76409",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4535",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2507
Vulnerability from cvelistv5
Published
2014-06-08 01:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/67916 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1030339 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/532596/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html | x_refsource_MISC | |
| http://secunia.com/advisories/58954 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"name": "67916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67916"
},
{
"name": "1030339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030339"
},
{
"name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"name": "58954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"name": "67916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67916"
},
{
"name": "1030339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030339"
},
{
"name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"name": "58954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"name": "67916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67916"
},
{
"name": "1030339",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030339"
},
{
"name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"name": "58954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2507",
"datePublished": "2014-06-08T01:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4536
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033296 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Aug/86 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/76412 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1033296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4536",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4622
Vulnerability from cvelistv5
Published
2014-09-17 10:00
Modified
2024-08-06 11:20
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/61251 | third-party-advisory, x_refsource_SECUNIA | |
| http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95990 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/69819 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1030855 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:27.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61251"
},
{
"name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"name": "emc-documentum-cve20144622-priv-esc(95990)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
},
{
"name": "69819",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69819"
},
{
"name": "1030855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "61251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61251"
},
{
"name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"name": "emc-documentum-cve20144622-priv-esc(95990)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
},
{
"name": "69819",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69819"
},
{
"name": "1030855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030855"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61251"
},
{
"name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"name": "emc-documentum-cve20144622-priv-esc(95990)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
},
{
"name": "69819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69819"
},
{
"name": "1030855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030855"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4622",
"datePublished": "2014-09-17T10:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:27.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4532
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2015/Aug/86 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/76414 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76414"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4532",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0642
Vulnerability from cvelistv5
Published
2014-04-15 23:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html | mailing-list, x_refsource_BUGTRAQ | |
| http://twitter.com/artika4biz/statuses/455358950116823040 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:20.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/artika4biz/statuses/455358950116823040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-15T22:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/artika4biz/statuses/455358950116823040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"
},
{
"name": "http://twitter.com/artika4biz/statuses/455358950116823040",
"refsource": "MISC",
"url": "http://twitter.com/artika4biz/statuses/455358950116823040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0642",
"datePublished": "2014-04-15T23:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:20.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2521
Vulnerability from cvelistv5
Published
2014-08-20 10:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030743 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/69276 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/533162/30/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/60571 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95370 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "69276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69276"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60571"
},
{
"name": "emc-documentum-cve20142521-info-disc(95370)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1030743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "69276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69276"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60571"
},
{
"name": "emc-documentum-cve20142521-info-disc(95370)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95370"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030743",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "69276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69276"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60571"
},
{
"name": "emc-documentum-cve20142521-info-disc(95370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95370"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2521",
"datePublished": "2014-08-20T10:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4626
Vulnerability from cvelistv5
Published
2014-12-17 01:00
Modified
2024-08-06 11:20
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/315340 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.kb.cert.org/vuls/id/386056 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.kb.cert.org/vuls/id/874632 | third-party-advisory, x_refsource_CERT-VN | |
| https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#315340",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/315340"
},
{
"name": "VU#386056",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/386056"
},
{
"name": "VU#874632",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/874632"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object\u0027s owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-17T01:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "VU#315340",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/315340"
},
{
"name": "VU#386056",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/386056"
},
{
"name": "VU#874632",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/874632"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object\u0027s owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#315340",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/315340"
},
{
"name": "VU#386056",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/386056"
},
{
"name": "VU#874632",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/874632"
},
{
"name": "https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-4626",
"datePublished": "2014-12-17T01:00:00",
"dateReserved": "2014-06-24T00:00:00",
"dateUpdated": "2024-08-06T11:20:26.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4531
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2015/Aug/86 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/76413 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4531",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2508
Vulnerability from cvelistv5
Published
2014-06-08 01:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/67918 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1030339 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/532596/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html | x_refsource_MISC | |
| http://secunia.com/advisories/58954 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67918",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67918"
},
{
"name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"name": "1030339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030339"
},
{
"name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"name": "58954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "67918",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67918"
},
{
"name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"name": "1030339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030339"
},
{
"name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"name": "58954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67918"
},
{
"name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"name": "1030339",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030339"
},
{
"name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"name": "58954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2508",
"datePublished": "2014-06-08T01:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4544
Vulnerability from cvelistv5
Published
2015-09-04 01:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html | x_refsource_MISC | |
| http://seclists.org/bugtraq/2015/Sep/18 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"
},
{
"name": "20150903 ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Sep/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"
},
{
"name": "20150903 ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Sep/18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"
},
{
"name": "20150903 ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Sep/18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4544",
"datePublished": "2015-09-04T01:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2520
Vulnerability from cvelistv5
Published
2014-08-20 10:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030743 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95369 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/533162/30/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/60571 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/69274 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "emc-documentum-cve20142520-dql-injection(95369)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95369"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60571"
},
{
"name": "69274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1030743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "emc-documentum-cve20142520-dql-injection(95369)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95369"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60571"
},
{
"name": "69274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030743",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "emc-documentum-cve20142520-dql-injection(95369)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95369"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60571"
},
{
"name": "69274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2520",
"datePublished": "2014-08-20T10:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2506
Vulnerability from cvelistv5
Published
2014-06-08 01:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/67917 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1030339 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/532596/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html | x_refsource_MISC | |
| http://secunia.com/advisories/58954 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67917"
},
{
"name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"name": "1030339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030339"
},
{
"name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"name": "58954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "67917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67917"
},
{
"name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"name": "1030339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030339"
},
{
"name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"name": "58954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67917"
},
{
"name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"name": "1030339",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030339"
},
{
"name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"name": "58954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2506",
"datePublished": "2014-06-08T01:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2514
Vulnerability from cvelistv5
Published
2014-07-08 10:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030529 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/59757 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/68436 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030529",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030529"
},
{
"name": "59757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59757"
},
{
"name": "68436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68436"
},
{
"name": "20140707 ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-05T14:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1030529",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030529"
},
{
"name": "59757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59757"
},
{
"name": "68436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68436"
},
{
"name": "20140707 ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030529",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030529"
},
{
"name": "59757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59757"
},
{
"name": "68436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68436"
},
{
"name": "20140707 ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2514",
"datePublished": "2014-07-08T10:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-04-15 23:13
Modified
2024-11-21 02:02
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP1 P26, 6.7 SP2 anterior a P13, 7.0 anterior a P13 y 7.1 anterior a P02 permite a usuarios remotos autenticados evadir restricciones de acceso y leer metadatos de ciertos ficheros a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0642",
"lastModified": "2024-11-21T02:02:33.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-15T23:13:16.790",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"
},
{
"source": "security_alert@emc.com",
"url": "http://twitter.com/artika4biz/statuses/455358950116823040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://twitter.com/artika4biz/statuses/455358950116823040"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-08 04:31
Modified
2024-11-21 02:06
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP1 P28, 6.7 SP2 anterior a P14, 7.0 anterior a P15 y 7.1 anterior a P05 permite a usuarios remotos autenticados obtener privilegios de super usuario para la creaci\u00f3n de objetos de sistema, y evadir restricciones de acceso a datos y acciones de servidor, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2506",
"lastModified": "2024-11-21T02:06:26.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-08T04:31:53.363",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/58954"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/67917"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030339"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:31
Severity ?
Summary
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 | |
| emc | documentum_content_server | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87453E34-AC8E-4C79-8486-B4888C621B1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad en Java Method Server (JMS) en EMC Documentum Content Server en versiones anteriores a 6.7SP1 P32, 6.7SP2 en versiones anteriores a P25, 7.0 en versiones anteriores a P19, 7.1 en versiones anteriores a P16 y 7.2 en versiones anteriores a P02, permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante la falsificaci\u00f3n de una firma para una cadena de consulta que carece del par\u00e1metro method_verb."
}
],
"id": "CVE-2015-4534",
"lastModified": "2024-11-21T02:31:17.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-20T10:59:16.060",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/76410"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033296"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-17 10:55
Modified
2024-11-21 02:10
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D76BC7EC-B77D-4C40-AC45-347EC6618C94",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP2 P17, 7.0 hasta P15 y 7.1 anterior a P08 no comprueba debidamente la autorizaci\u00f3n para subgrupos de grupos privilegiados, lo que permite a administradores de sistemas remotos autenticados ganar privilegios de super usuario, y evadir restricciones de acceso a datos y acciones de servidor, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-4622",
"lastModified": "2024-11-21T02:10:35.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-17T10:55:07.107",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/61251"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69819"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030855"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-08 11:06
Modified
2024-11-21 02:06
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP1 P28, 6.7 SP2 anterior a P15, 7.0 anterior a P15 y 7.1 anterior a P06 no comprueba debidamente la autorizaci\u00f3n y no restringe debidamente los tipos de objetos, lo que permite a usuarios remotos autenticados ejecutar comandos RPC de guardar con privilegios de superusuario, y como consecuencia ejecutar c\u00f3digo arbitrario, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2514",
"lastModified": "2024-11-21T02:06:27.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 8.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-08T11:06:01.437",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
},
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/59757"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/68436"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030529"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:31
Severity ?
Summary
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 | |
| emc | documentum_content_server | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87453E34-AC8E-4C79-8486-B4888C621B1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514."
},
{
"lang": "es",
"value": "Vulnerabilidad en EMC Documentum Content Server en versiones anteriores a 6.7SP1 P32, 6.7SP2 en versiones anteriores a P25, 7.0 en versiones anteriores a P19, 7.1 en versiones anteriores a P16 y 7.2 en versiones anteriores a P02, no comprueba adecuadamente la autorizaci\u00f3n y no restringe adecuadamente los tipos de los objetos, lo que permite a usuarios remotos autenticados ejecutar comandos de guardado de RPC con privilegios de superusuario, y consecuentemente ejecutar c\u00f3digo arbitrario, a trav\u00e9s de vectores no especificados. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de la vulnerabilidad CVE-2014-2514."
}
],
"id": "CVE-2015-4532",
"lastModified": "2024-11-21T02:31:17.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-20T10:59:14.043",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/76414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76414"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:31
Severity ?
Summary
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 | |
| emc | documentum_content_server | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87453E34-AC8E-4C79-8486-B4888C621B1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket."
},
{
"lang": "es",
"value": "Vulnerabilidad en Java Method Server (JMS) en EMC Documentum Content Server en versiones anteriores a 6.7SP1 P32, 6.7SP2 en versiones anteriores a P25, 7.0 en versiones anteriores a P19, 7.1 en versiones anteriores a P16 y 7.2 en versiones anteriores a P02, cuando est\u00e1 configurado __debug_trace__, permite a usuarios remotos autenticados conseguir privilegios de superusuario aprovech\u00e1ndose de la capacidad para leer un archivo de registro que contiene un ticket de registro."
}
],
"id": "CVE-2015-4535",
"lastModified": "2024-11-21T02:31:17.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-20T10:59:17.090",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/76409"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033296"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-06 15:59
Modified
2024-11-21 02:10
Severity ?
Summary
EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "62A17A75-1EFB-4332-B02E-503E92A5BDE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference."
},
{
"lang": "es",
"value": "EMC Documentum Content Server 7.0, 7.1 anterior a 7.1 P10, y 6.7 anterior a SP2 P19 permite a usuarios remotos autenticados leer o eliminar ficheros arbitrarios a trav\u00e9s de vectores no especificados relacionados con una referencia insegura a un objeto directo."
}
],
"id": "CVE-2014-4629",
"lastModified": "2024-11-21T02:10:36.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-06T15:59:01.640",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/129376/EMC-Documentum-Content-Server-Insecure-Direct-Object-Reference.html"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/534135/100/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/71422"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1031298"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129376/EMC-Documentum-Content-Server-Insecure-Direct-Object-Reference.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534135/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99085"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-04 01:59
Modified
2024-11-21 02:31
Severity ?
Summary
EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | 7.1 | |
| emc | documentum_content_server | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87453E34-AC8E-4C79-8486-B4888C621B1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626."
},
{
"lang": "es",
"value": "Vulnerabilidad en EMC Documentum Content Server en versiones anteriores a 7.1P20 y 7.2.x en versiones anteriores a 7.2P04, no verifica correctamente la autorizaci\u00f3n para el acceso de objeto dm_job, lo que permite a usuarios remotos autenticados obtener privilegios de superusuario a trav\u00e9s de operaciones de objeto manipulado. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-4626."
}
],
"id": "CVE-2015-4544",
"lastModified": "2024-11-21T02:31:18.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-04T01:59:01.737",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"
},
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Sep/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Sep/18"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:31
Severity ?
Summary
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 | |
| emc | documentum_content_server | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87453E34-AC8E-4C79-8486-B4888C621B1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file."
},
{
"lang": "es",
"value": "Vulnerabilidad en EMC Documentum Content Server en versiones anteriores a 7.0 P20, 7.1 en versiones anteriores a P18 y 7.2 en versiones anteriores a P02, cuando est\u00e1 configurado el rastreo RPC, almacena ciertos datos de contrase\u00f1as ofuscadas en un archivo de registro, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de este archivo."
}
],
"id": "CVE-2015-4536",
"lastModified": "2024-11-21T02:31:17.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-20T10:59:18.013",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/76412"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033296"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-02 04:09
Modified
2024-11-21 01:31
Severity ?
Summary
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| centos | centos | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:centos:centos:6:*:*:*:*:*:*:*",
"matchCriteriaId": "47E84833-47CB-469C-BEED-E15449E9D0E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain \"highest super user privileges\" by leveraging system administrator privileges."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en EMC Documentum Content Server 6.0, 6.5 anteriores a SP2 P02, 6.5 SP3 anteriores a SP3 P02 y 6.6 anteriores a P02 permite a usuarios locales obtener \"privilegios de usuarios muy elevados\" utilizando privilegios de administrador system."
}
],
"id": "CVE-2011-4144",
"lastModified": "2024-11-21T01:31:56.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-02T04:09:47.787",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0005.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-20 11:17
Modified
2024-11-21 02:10
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D76BC7EC-B77D-4C40-AC45-347EC6618C94",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP2 P16 y 7.x anterior a 7.1 P07 permite a usuarios remotos autenticados ganar privilegios a trav\u00e9s de un objeto de sistema creado por un usuario."
}
],
"id": "CVE-2014-4618",
"lastModified": "2024-11-21T02:10:35.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-20T11:17:14.530",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/60571"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69273"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95368"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-17 01:59
Modified
2024-11-21 02:10
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.kb.cert.org/vuls/id/315340 | Third Party Advisory, US Government Resource | |
| security_alert@emc.com | http://www.kb.cert.org/vuls/id/386056 | Third Party Advisory, US Government Resource | |
| security_alert@emc.com | http://www.kb.cert.org/vuls/id/874632 | Third Party Advisory, US Government Resource | |
| security_alert@emc.com | https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/315340 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/386056 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/874632 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object\u0027s owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP1 P29, 6.7 SP2 anterior a P18, 7.0 anterior a P16, y 7.1 anterior a P09 permite a usuarios remotos autenticados ganar privilegios mediante (1) lla colocaci\u00f3n de un comando en un objeto dm_job y la configutaci\u00f3n del due\u00f1o de este objeto a un usuario privilegiado o la colocaci\u00f3n de una acci\u00f3n de renombrar en un objeto dm_job_request y la espera a una tarea de servicio (2) dm_UserRename o (3) dm_GroupRename, tambi\u00e9n conocido como ESA-2014-105. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-2515."
}
],
"id": "CVE-2014-4626",
"lastModified": "2024-11-21T02:10:35.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-17T01:59:00.067",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/315340"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/386056"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/874632"
},
{
"source": "security_alert@emc.com",
"url": "https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/315340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/386056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/874632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-08 04:31
Modified
2024-11-21 02:06
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP1 P28, 6.7 SP2 anterior a P14, 7.0 anterior a P15 y 7.1 anterior a P05 permite a usuarios remotos autenticados realizar ataques de inyecci\u00f3n DQL (Documentum Query Language) y evadir las restricciones de acciones de base de datos a trav\u00e9s de vectores que implican hints DQL."
}
],
"id": "CVE-2014-2508",
"lastModified": "2024-11-21T02:06:26.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-08T04:31:53.487",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/58954"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/67918"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030339"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:31
Severity ?
Summary
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 | |
| emc | documentum_content_server | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87453E34-AC8E-4C79-8486-B4888C621B1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622."
},
{
"lang": "es",
"value": "Vulnerabilidad en EMC Documentum Content Server en versiones anteriores a 6.7SP1 P32, 6.7SP2 en versiones anteriores a P25, 7.0 en versiones anteriores a P19, 7.1 en versiones anteriores a P16 y 7.2 en versiones anteriores a P02, no comprueba adecuadamente la autorizaci\u00f3n para subgrupos de grupos privilegiados, lo que permite a administradores de sistema remotos autenticados obtener privilegios de superusuario, y eludir las restricciones previstas en el acceso a los datos y a acciones de servidor, a trav\u00e9s de vectores no especificados. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de la vulnerabilidad CVE-2014-4622."
}
],
"id": "CVE-2015-4531",
"lastModified": "2024-11-21T02:31:17.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-20T10:59:12.950",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/76413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76413"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:31
Severity ?
Summary
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 | |
| emc | documentum_content_server | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87453E34-AC8E-4C79-8486-B4888C621B1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513."
},
{
"lang": "es",
"value": "Vulnerabilidad en EMC Documentum Content Server en versiones anteriores a 6.7SP1 P32, 6.7SP2 en versiones anteriores a P25, 7.0 en versiones anteriores a P19, 7.1 en versiones anteriores a P16 y 7.2 en versiones anteriores a P02, no comprueba adecuadamente la autorizaci\u00f3n despu\u00e9s de la creaci\u00f3n de un objeto, lo que permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario con privilegios de superusuario a trav\u00e9s de una secuencia de comandos personalizada. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de la vulnerabilidad CVE-2014-2513."
}
],
"id": "CVE-2015-4533",
"lastModified": "2024-11-21T02:31:17.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-20T10:59:15.120",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/76411"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033296"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-20 11:17
Modified
2024-11-21 02:06
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D76BC7EC-B77D-4C40-AC45-347EC6618C94",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP2 P16 y 7.x anterior a 7.1 P07 permite a usuarios remotos autenticados leer metadatos sensibles de objetos a trav\u00e9s de un comando RPC."
}
],
"id": "CVE-2014-2521",
"lastModified": "2024-11-21T02:06:27.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-20T11:17:13.983",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/60571"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69276"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95370"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-08 11:06
Modified
2024-11-21 02:06
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP1 P28, 6.7 SP2 anterior a P15, 7.0 anterior a P15 y 7.1 anterior a P06 no comprueba debidamente la autorizaci\u00f3n despu\u00e9s de la creaci\u00f3n de un objeto, lo que permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario con privilegios de superusuario a trav\u00e9s de una secuencia de comandos personalizada."
}
],
"id": "CVE-2014-2513",
"lastModified": "2024-11-21T02:06:26.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 8.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 9.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-08T11:06:01.407",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
},
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/59757"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/68435"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030529"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-20 11:17
Modified
2024-11-21 02:06
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D76BC7EC-B77D-4C40-AC45-347EC6618C94",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP2 P16 y 7.x anterior a 7.1 P07, cuando Oracle Database est\u00e1 utilizada, no restringe debidamente los hints DQL, lo que permite a usuarios remotos autenticados realizar ataques de inyecci\u00f3n DQL y leer contenido sensible de la base de datos a trav\u00e9s de una solicitud manipulada."
}
],
"id": "CVE-2014-2520",
"lastModified": "2024-11-21T02:06:27.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-20T11:17:13.953",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/60571"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69274"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95369"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-17 10:55
Modified
2024-11-21 02:10
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D76BC7EC-B77D-4C40-AC45-347EC6618C94",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP2 P17, 7.0 hasta P15 y 7.1 anterior a P08 no comprueba debidamente la autorizaci\u00f3n para subtipos de los tipos de sistemas protegidos, lo que permite a usuarios remotos autenticados obtener privilegios de super usuario para la creaci\u00f3n de objetos de sistema, y evadir restricciones de acceso a datos y acciones de servidor, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-4621",
"lastModified": "2024-11-21T02:10:35.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-17T10:55:07.057",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/61251"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69817"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030855"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95989"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-08 04:31
Modified
2024-11-21 02:06
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_content_server | * | |
| emc | documentum_content_server | 6.0 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.5 | |
| emc | documentum_content_server | 6.6 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods."
},
{
"lang": "es",
"value": "EMC Documentum Content Server anterior a 6.7 SP1 P28, 6.7 SP2 anterior a P14, 7.0 anterior a P15 y 7.1 anterior a P05 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en argumentos en m\u00e9todos no especificados."
}
],
"id": "CVE-2014-2507",
"lastModified": "2024-11-21T02:06:26.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-08T04:31:53.427",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/58954"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/67916"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030339"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}