Vulnerability Details CVE-2014-4626
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.9%
CVSS Severity
CVSS v2 Score 9.0
References
- http://www.kb.cert.org/vuls/id/315340
- http://www.kb.cert.org/vuls/id/386056
- http://www.kb.cert.org/vuls/id/874632
- https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing
- http://www.kb.cert.org/vuls/id/315340
- http://www.kb.cert.org/vuls/id/386056
- http://www.kb.cert.org/vuls/id/874632
- https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing
Products affected by CVE-2014-4626
-
cpe:2.3:a:emc:documentum_content_server:6.5
-
cpe:2.3:a:emc:documentum_content_server:6.7
-
cpe:2.3:a:emc:documentum_content_server:7.0
-
cpe:2.3:a:emc:documentum_content_server:7.1