Description
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
References (4)
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/315340
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/386056
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/874632
Various Sources x_refsource_misc
https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing
Scores
EPSS
0.0120
EPSS Percentile
79.1%
Details
CWE
CWE-264
Status
published
Products (4)
emc/documentum_content_server
6.7 (2 CPE variants)
emc/documentum_content_server
7.0
emc/documentum_content_server
7.1
emc/documentum_content_server
< 6.7
Published
Dec 17, 2014
Tracked Since
Feb 18, 2026