CVE-2015-4534

EMC Documentum Content Server - Authenticated Remote Code Execution via Forged JMS Query String

Title source: llm
STIX 2.1

Description

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033296
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2015/Aug/86
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76410

Scores

EPSS 0.0225
EPSS Percentile 84.8%

Details

CWE
CWE-20
Status published
Products (4)
emc/documentum_content_server 6.7 sp1 (2 CPE variants)
emc/documentum_content_server 7.0
emc/documentum_content_server 7.1
emc/documentum_content_server 7.2
Published Aug 20, 2015
Tracked Since Feb 18, 2026