CVE-2014-4626

Summary

CVE	CVE-2014-4626
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-12-17 01:59:00 UTC
Updated	2014-12-17 19:15:00 UTC
Description	EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Emc	Documentum Content Server	6.7	-	All	All
Application	Emc	Documentum Content Server	6.7	sp2	All	All
Application	Emc	Documentum Content Server	7.0	All	All	All
Application	Emc	Documentum Content Server	7.1	All	All	All
Application	Emc	Documentum Content Server	6.7	-	All	All
Application	Emc	Documentum Content Server	6.7	sp2	All	All
Application	Emc	Documentum Content Server	7.0	All	All	All
Application	Emc	Documentum Content Server	7.1	All	All	All
Application	Emc	Documentum Content Server	All	sp1	All	All

References

Reference	Source	Link	Tags
VU#315340 - Google Sheets	MISC	docs.google.com
CERT Vulnerability Notes Database	CERT-VN	www.kb.cert.org	Third Party Advisory, US Government Resource
Vulnerability Note VU#315340 - EMC Documentum products contain multiple vulnerabilities	CERT-VN	www.kb.cert.org	Third Party Advisory, US Government Resource
CERT Vulnerability Notes Database	CERT-VN	www.kb.cert.org	Third Party Advisory, US Government Resource
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.