Published: 08/07/2014 Updated: 07/01/2017

CVSS v2 Base Score: 8.2 | Impact Score: 9.5 | Exploitability Score: 6.8

VMScore: 730

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:P

EMC Documentum Content Server prior to 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.

Vulnerable Product	Search on Vulmon	Subscribe to Product
emc documentum content server 7.0
emc documentum content server 7.1
emc documentum content server 6.7
emc documentum content server

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character i ...

CWE-20 http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html http://secunia.com/advisories/59757 http://www.securitytracker.com/id/1030529 http://www.securityfocus.com/bid/68435 https://nvd.nist.gov https://packetstormsecurity.com/files/142301/OpenText-Documentum-Content-Server-SQL-Injection.html https://www.kb.cert.org/vuls/id/315340

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2513

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect