CVE Vulnerabilities

CVE-2014-4626

Published: Dec 17, 2014 | Modified: Dec 17, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this objects owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.

Affected Software

Name Vendor Start Version End Version
Documentum_content_server Emc 6.7 6.7
Documentum_content_server Emc 6.7 6.7
Documentum_content_server Emc 7.0 7.0
Documentum_content_server Emc * 6.7
Documentum_content_server Emc 7.1 7.1

References