Vulnerability Description
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Documentum Content Server | <= 6.7 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/315340Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/386056Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/874632Third Party AdvisoryUS Government Resource
- https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJ
- http://www.kb.cert.org/vuls/id/315340Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/386056Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/874632Third Party AdvisoryUS Government Resource
- https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJ
FAQ
What is CVE-2014-4626?
CVE-2014-4626 is a vulnerability with a CVSS score of 9.0 (HIGH). EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job objec...
How severe is CVE-2014-4626?
CVE-2014-4626 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4626?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Documentum Content Server.