CVE-2015-0518

EMC Documentum D2 3.1-4.1 - Authenticated Privilege Escalation via Properties Service

Title source: llm
STIX 2.1

Description

The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031693
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100875
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72502
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html

Scores

EPSS 0.0116
EPSS Percentile 78.8%

Details

CWE
CWE-264
Status published
Products (4)
emc/documentum_d2 3.1 (2 CPE variants)
emc/documentum_d2 4.0
emc/documentum_d2 4.1
emc/documentum_d2 4.2
Published Feb 14, 2015
Tracked Since Feb 18, 2026