CVE-2014-4626
First published: Wed Dec 17 2014(Updated: )
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC Documentum Content Server | <=6.7 | |
| EMC Documentum Content Server | =6.7 | |
| EMC Documentum Content Server | =6.7-sp2 | |
| EMC Documentum Content Server | =7.0 | |
| EMC Documentum Content Server | =7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/weakness
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- collector/mitre-cve
- source/MITRE
- vendor/emc
- canonical/emc documentum content server
- version/emc documentum content server/6.7
- version/emc documentum content server/6.7-sp2
- version/emc documentum content server/7.0
- version/emc documentum content server/7.1