CVE-2014-2514
high
CVSS v3
—
CVSS v2
8.2
VIR risk
8.2
Description
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| emc | documentum_content_server | {"endIncluding":"6.7"} | |
| emc | documentum_content_server | 6.7 | |
| emc | documentum_content_server | 7.0 | |
| emc | documentum_content_server | 7.1 | |
References
- http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html
- http://secunia.com/advisories/59757
- http://www.securityfocus.com/bid/68436
- http://www.securitytracker.com/id/1030529
- http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html
- http://secunia.com/advisories/59757
- http://www.securityfocus.com/bid/68436
- http://www.securitytracker.com/id/1030529
CWEs
CWE-20
Verify integrity in audit chain (admin only). AS-IS.