CVE-2017-2766
CRITICALEMC Documentum eRoom 7.4.4-7.4.4 SP1 and < 7.4.5 P04 - Unauthenticated Password Change
Title source: llmDescription
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
References (2)
Core 2
Core References
Patch, Third Party Advisory, VDB Entry x_refsource_confirm
http://www.securityfocus.com/archive/1/540077/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95893
Scores
CVSS v3
9.8
EPSS
0.0163
EPSS Percentile
73.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-640
Status
published
Products (4)
emc/documentum_eroom
7.4.4 (2 CPE variants)
emc/documentum_eroom
7.4.5 (4 CPE variants)
emc/documentum_eroom
7.5.0
n/a/EMC Documentum eRoom EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01
EMC Documentum eRoom EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC
Published
Feb 03, 2017
Tracked Since
Feb 18, 2026