CVE-2014-4626

17.12.2014, 01:59

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	9 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:S/C:C/I:C/A:C
dell	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Vendor	Product	Version
emc	documentum_content_server	𝑥 ≤ 6.7
emc	documentum_content_server	6.7
emc	documentum_content_server	6.7:sp2
emc	documentum_content_server	7.0
emc	documentum_content_server	7.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-264 -

References

http://www.kb.cert.org/vuls/id/315340

http://www.kb.cert.org/vuls/id/386056

http://www.kb.cert.org/vuls/id/874632

https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing

http://www.kb.cert.org/vuls/id/315340

http://www.kb.cert.org/vuls/id/386056

http://www.kb.cert.org/vuls/id/874632

https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing