Vulnerability Details CVE-2014-2514
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.7%
CVSS Severity
CVSS v2 Score 8.2
References
- http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html
- http://secunia.com/advisories/59757
- http://www.securityfocus.com/bid/68436
- http://www.securitytracker.com/id/1030529
- http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html
- http://secunia.com/advisories/59757
- http://www.securityfocus.com/bid/68436
- http://www.securitytracker.com/id/1030529
Products affected by CVE-2014-2514
-
cpe:2.3:a:emc:documentum_content_server:6.5
-
cpe:2.3:a:emc:documentum_content_server:6.7
-
cpe:2.3:a:emc:documentum_content_server:7.0
-
cpe:2.3:a:emc:documentum_content_server:7.1