CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-2515

EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.3%

CVSS Severity

CVSS v2 Score 8.5

References

http://secunia.com/advisories/60565
http://www.securityfocus.com/archive/1/533161/30/0/threaded
http://www.securityfocus.com/bid/69275
http://www.securitytracker.com/id/1030740
https://exchange.xforce.ibmcloud.com/vulnerabilities/95367
http://secunia.com/advisories/60565
http://www.securityfocus.com/archive/1/533161/30/0/threaded
http://www.securityfocus.com/bid/69275
http://www.securitytracker.com/id/1030740
https://exchange.xforce.ibmcloud.com/vulnerabilities/95367

Products affected by CVE-2014-2515

Emc » Documentum D2 » Version: 3.1

cpe:2.3:a:emc:documentum_d2:3.1
Emc » Documentum D2 » Version: 4.0

cpe:2.3:a:emc:documentum_d2:4.0
Emc » Documentum D2 » Version: 4.1

cpe:2.3:a:emc:documentum_d2:4.1
Emc » Documentum D2 » Version: 4.2

cpe:2.3:a:emc:documentum_d2:4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2515

Products

Pricing

Contact Us