cve-2014-2507
Vulnerability from cvelistv5
Published
2014-06-08 01:00
Modified
2024-08-06 10:14
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.
References
security_alert@emc.comhttp://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html
security_alert@emc.comhttp://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html
security_alert@emc.comhttp://secunia.com/advisories/58954
security_alert@emc.comhttp://www.securityfocus.com/archive/1/532596/100/0/threaded
security_alert@emc.comhttp://www.securityfocus.com/bid/67916
security_alert@emc.comhttp://www.securitytracker.com/id/1030339
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58954
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/532596/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67916
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030339
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:26.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
          },
          {
            "name": "67916",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67916"
          },
          {
            "name": "1030339",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030339"
          },
          {
            "name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
          },
          {
            "name": "58954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58954"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
        },
        {
          "name": "67916",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67916"
        },
        {
          "name": "1030339",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030339"
        },
        {
          "name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
        },
        {
          "name": "58954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58954"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2014-2507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
            },
            {
              "name": "67916",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67916"
            },
            {
              "name": "1030339",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030339"
            },
            {
              "name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
            },
            {
              "name": "58954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58954"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2014-2507",
    "datePublished": "2014-06-08T01:00:00",
    "dateReserved": "2014-03-14T00:00:00",
    "dateUpdated": "2024-08-06T10:14:26.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2507\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2014-06-08T04:31:53.427\",\"lastModified\":\"2024-11-21T02:06:26.247\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.\"},{\"lang\":\"es\",\"value\":\"EMC Documentum Content Server anterior a 6.7 SP1 P28, 6.7 SP2 anterior a P14, 7.0 anterior a P15 y 7.1 anterior a P05 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en argumentos en m\u00e9todos no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:C/I:C/A:C\",\"baseScore\":8.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.8,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.7\",\"matchCriteriaId\":\"7B188672-1EC2-4338-A868-BD562962D356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDBAEC8D-D945-48CA-84DD-EDBE8029F636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"730510E9-1AE8-44BF-A1DE-5ED40F22D0B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AC51C95-97DC-44B4-9935-9423CE60289A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ACB8EDE-C6AF-4B85-83ED-74097A206B49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25CD1EE0-4E72-4C42-857B-AA45F0A17BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"49659818-958F-4B5E-8DA4-B592C67DD13F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4E00544-98F6-439C-8F4D-822FCAE775CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8335062A-5A8E-4076-B351-7DFA19CEC818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B283F797-6DAA-40E1-9FAB-16FCAA5241B4\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://secunia.com/advisories/58954\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/532596/100/0/threaded\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/bid/67916\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securitytracker.com/id/1030339\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/58954\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/532596/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/67916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030339\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.