CVE-2014-4629

EMC Documentum Content Server <7.1P10, <6.7SP2P19 - Info Disclosure

Title source: llm

Description

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/534135/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031298

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/71422

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/99085

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/129376/EMC-Documentum-Content-Server-Insecure-Direct-Object-Reference.html

Scores

EPSS 0.0064

EPSS Percentile 70.9%

Details

CWE

CWE-264

Status published

Products (3)

emc/documentum_content_server 6.7 (3 CPE variants)

emc/documentum_content_server 7.0

emc/documentum_content_server 7.1

Published Dec 06, 2014

Tracked Since Feb 18, 2026