Vulnerability Details

ID: CVE-2014-0642

Last Modified: April 16, 2014

Open in new window

Description

EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors.

CVSS V2

Access Vector: Network

Access Complexity: Low

Authentication: Single

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: None

Base Score: 5.5

Exploitability Score: 8.0

Impact Score: 4.9

CVSS V2: AV:N/AC:L/Au:S/C:P/I:P/A:N

Specialize CVSS-Score

CWE-ID

CWE-264

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:emc:documentum_content_server:6.7:-:::::: Part: a Product: documentum_content_server Update: - Vendor: emc Version: 6.7	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server:6.7:sp2:::::: Part: a Product: documentum_content_server Update: sp2 Vendor: emc Version: 6.7	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server:7.0:::::::* Part: a Product: documentum_content_server Vendor: emc Version: 7.0	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server::sp1::::::* Part: a Product: documentum_content_server Version end including: 6.7 Vendor: emc Update: sp1	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server:6.0:::::::* Part: a Product: documentum_content_server Vendor: emc Version: 6.0	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server:6.5:sp2:::::: Part: a Product: documentum_content_server Update: sp2 Vendor: emc Version: 6.5	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server:6.5:::::::* Part: a Product: documentum_content_server Vendor: emc Version: 6.5	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server:6.6:::::::* Part: a Product: documentum_content_server Vendor: emc Version: 6.6	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server:6.5:sp1:::::: Part: a Product: documentum_content_server Update: sp1 Vendor: emc Version: 6.5	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server:7.1:::::::* Part: a Product: documentum_content_server Vendor: emc Version: 7.1	Alle Schwachstellen für emc
	cpe:2.3:a:emc:documentum_content_server:6.5:sp3:::::: Part: a Product: documentum_content_server Update: sp3 Vendor: emc Version: 6.5	Alle Schwachstellen für emc

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>