Vulnerability CVE-2015-0518


Published: 2015-02-14

Description:
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
EMC Documentum D2 Information Disclosure / Privilege Escalation
EMC
05.02.2015

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
EMC -> Documentum d2 

 References:
http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html
http://www.securityfocus.com/bid/72502
http://www.securitytracker.com/id/1031693
https://exchange.xforce.ibmcloud.com/vulnerabilities/100875

Copyright 2021, cxsecurity.com

 

Back to Top