CVE-2014-4626

Опубликовано: 17 дек. 2014

Источник: nvd

CVSS2: 9

EPSS Низкий

Описание

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.

Ссылки

http://www.kb.cert.org/vuls/id/315340
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/386056
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/874632
Third Party Advisory
US Government Resource
https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing
http://www.kb.cert.org/vuls/id/315340
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/386056
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/874632
Third Party Advisory
US Government Resource
https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*

Версия до 6.7 (включая)

cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*

cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*

cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01198

Низкий

9 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-895g-4hj4-5w5x

github

больше 3 лет назад