CVE-2014-2513

EMC Documentum Content Server < 6.7 SP1 P28, 6.7 SP2 < P15, 7.0 < P15, 7.1 < P06 - RCE via Custom Script

Title source: llm
STIX 2.1

Description

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030529
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59757
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68435

Scores

EPSS 0.0099
EPSS Percentile 77.1%

Details

CWE
CWE-20
Status published
Products (4)
emc/documentum_content_server 6.7 (2 CPE variants)
emc/documentum_content_server 7.0
emc/documentum_content_server 7.1
emc/documentum_content_server < 6.7
Published Jul 08, 2014
Tracked Since Feb 18, 2026