cvelistv5 - cve-2014-4622

cve-2014-4622

Vulnerability from cvelistv5

Published

2014-09-17 10:00

Modified

2024-08-06 11:20

Severity ?

Summary

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.

References

▼	URL	Tags
	security_alert@emc.com	http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html
	security_alert@emc.com	http://secunia.com/advisories/61251
	security_alert@emc.com	http://www.securityfocus.com/bid/69819
	security_alert@emc.com	http://www.securitytracker.com/id/1030855
	security_alert@emc.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/95990
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61251
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/69819
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030855
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/95990

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:20:27.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "61251",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61251"
          },
          {
            "name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
          },
          {
            "name": "emc-documentum-cve20144622-priv-esc(95990)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
          },
          {
            "name": "69819",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69819"
          },
          {
            "name": "1030855",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030855"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "61251",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61251"
        },
        {
          "name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
        },
        {
          "name": "emc-documentum-cve20144622-priv-esc(95990)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
        },
        {
          "name": "69819",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69819"
        },
        {
          "name": "1030855",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030855"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2014-4622",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "61251",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61251"
            },
            {
              "name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
            },
            {
              "name": "emc-documentum-cve20144622-priv-esc(95990)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
            },
            {
              "name": "69819",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69819"
            },
            {
              "name": "1030855",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030855"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2014-4622",
    "datePublished": "2014-09-17T10:00:00",
    "dateReserved": "2014-06-24T00:00:00",
    "dateUpdated": "2024-08-06T11:20:27.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-4622\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2014-09-17T10:55:07.107\",\"lastModified\":\"2024-11-21T02:10:35.533\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"EMC Documentum Content Server anterior a 6.7 SP2 P17, 7.0 hasta P15 y 7.1 anterior a P08 no comprueba debidamente la autorizaci\u00f3n para subgrupos de grupos privilegiados, lo que permite a administradores de sistemas remotos autenticados ganar privilegios de super usuario, y evadir restricciones de acceso a datos y acciones de servidor, a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:C/I:C/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.7\",\"matchCriteriaId\":\"D76BC7EC-B77D-4C40-AC45-347EC6618C94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDBAEC8D-D945-48CA-84DD-EDBE8029F636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"730510E9-1AE8-44BF-A1DE-5ED40F22D0B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AC51C95-97DC-44B4-9935-9423CE60289A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ACB8EDE-C6AF-4B85-83ED-74097A206B49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25CD1EE0-4E72-4C42-857B-AA45F0A17BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"49659818-958F-4B5E-8DA4-B592C67DD13F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"414C33C7-CD76-49A4-9BE5-354860F2F635\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8335062A-5A8E-4076-B351-7DFA19CEC818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B283F797-6DAA-40E1-9FAB-16FCAA5241B4\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://secunia.com/advisories/61251\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/bid/69819\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securitytracker.com/id/1030855\",\"source\":\"security_alert@emc.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/95990\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/61251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/69819\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030855\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/95990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2014-4622

Vulnerability from fkie_nvd

Published

2014-09-17 10:55

Modified

2024-11-21 02:10

Severity ?

Summary

References

▼	URL	Tags
	security_alert@emc.com	http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html
	security_alert@emc.com	http://secunia.com/advisories/61251
	security_alert@emc.com	http://www.securityfocus.com/bid/69819
	security_alert@emc.com	http://www.securitytracker.com/id/1030855
	security_alert@emc.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/95990
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61251
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/69819
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030855
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/95990

Impacted products

Vendor	Product	Version
emc	documentum_content_server	*
emc	documentum_content_server	6.0
emc	documentum_content_server	6.5
emc	documentum_content_server	6.5
emc	documentum_content_server	6.5
emc	documentum_content_server	6.5
emc	documentum_content_server	6.6
emc	documentum_content_server	6.7
emc	documentum_content_server	6.7
emc	documentum_content_server	7.0
emc	documentum_content_server	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D76BC7EC-B77D-4C40-AC45-347EC6618C94",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "414C33C7-CD76-49A4-9BE5-354860F2F635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "EMC Documentum Content Server anterior a 6.7 SP2 P17, 7.0 hasta P15 y 7.1 anterior a P08 no comprueba debidamente la autorizaci\u00f3n para subgrupos de grupos privilegiados, lo que permite a administradores de sistemas remotos autenticados ganar privilegios de super usuario, y evadir restricciones de acceso a datos y acciones de servidor, a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-4622",
  "lastModified": "2024-11-21T02:10:35.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-17T10:55:07.107",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://secunia.com/advisories/61251"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/69819"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1030855"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2014-4622

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-4622

Aliases

CVE-2014-4622

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-4622",
    "description": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.",
    "id": "GSD-2014-4622",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2014-4622"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-4622"
      ],
      "details": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.",
      "id": "GSD-2014-4622",
      "modified": "2023-12-13T01:22:45.142361Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2014-4622",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "61251",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/61251"
          },
          {
            "name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
          },
          {
            "name": "emc-documentum-cve20144622-priv-esc(95990)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
          },
          {
            "name": "69819",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/69819"
          },
          {
            "name": "1030855",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030855"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2014-4622"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140915 ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
            },
            {
              "name": "1030855",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030855"
            },
            {
              "name": "69819",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/69819"
            },
            {
              "name": "61251",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/61251"
            },
            {
              "name": "emc-documentum-cve20144622-priv-esc(95990)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:35Z",
      "publishedDate": "2014-09-17T10:55Z"
    }
  }
}

ghsa-hqwg-c4rm-5mm8

Vulnerability from github

Published

2022-05-17 01:23

Modified

2022-05-17 01:23

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-4622"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-09-17T10:55:00Z",
    "severity": "HIGH"
  },
  "details": "EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.",
  "id": "GHSA-hqwg-c4rm-5mm8",
  "modified": "2022-05-17T01:23:44Z",
  "published": "2022-05-17T01:23:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4622"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95990"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0093.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61251"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/69819"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030855"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2014-4622

Vulnerability from cvelistv5

fkie_cve-2014-4622

Vulnerability from fkie_nvd

gsd-2014-4622

Vulnerability from gsd

ghsa-hqwg-c4rm-5mm8

Vulnerability from github

Tags

Sightings

Nomenclature