CVE-2014-2514
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.
EMC Documentum Content Server anterior a 6.7 SP1 P28, 6.7 SP2 anterior a P15, 7.0 anterior a P15 y 7.1 anterior a P06 no comprueba debidamente la autorización y no restringe debidamente los tipos de objetos, lo que permite a usuarios remotos autenticados ejecutar comandos RPC de guardar con privilegios de superusuario, y como consecuencia ejecutar código arbitrario, a través de vectores no especificados.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-03-14 CVE Reserved
- 2014-07-07 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html | Mailing List | |
| http://secunia.com/advisories/59757 | Third Party Advisory | |
| http://www.securityfocus.com/bid/68436 | Vdb Entry | |
| http://www.securitytracker.com/id/1030529 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Documentum Content Server Search vendor "Emc" for product "Documentum Content Server" | <= 6.7 Search vendor "Emc" for product "Documentum Content Server" and version " <= 6.7" | sp1 |
Affected
| ||||||
| Emc Search vendor "Emc" | Documentum Content Server Search vendor "Emc" for product "Documentum Content Server" | 6.7 Search vendor "Emc" for product "Documentum Content Server" and version "6.7" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Documentum Content Server Search vendor "Emc" for product "Documentum Content Server" | 6.7 Search vendor "Emc" for product "Documentum Content Server" and version "6.7" | sp2 |
Affected
| ||||||
| Emc Search vendor "Emc" | Documentum Content Server Search vendor "Emc" for product "Documentum Content Server" | 7.0 Search vendor "Emc" for product "Documentum Content Server" and version "7.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Documentum Content Server Search vendor "Emc" for product "Documentum Content Server" | 7.1 Search vendor "Emc" for product "Documentum Content Server" and version "7.1" | - |
Affected
| ||||||