EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this objects owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Documentum_content_server | Emc | * | 6.7 (including) |
| Documentum_content_server | Emc | 6.7 (including) | 6.7 (including) |
| Documentum_content_server | Emc | 6.7-sp2 (including) | 6.7-sp2 (including) |
| Documentum_content_server | Emc | 7.0 (including) | 7.0 (including) |
| Documentum_content_server | Emc | 7.1 (including) | 7.1 (including) |