CVE-2015-0518

The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html	Broken Link
http://www.securitytracker.com/id/1031693	VDB Entry Third Party Advisory
http://www.securityfocus.com/bid/72502	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/100875

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:documentum_d2:3.1:-::::::
	cpe:2.3:a:emc:documentum_d2:3.1:sp1::::::
	cpe:2.3:a:emc:documentum_d2:4.0:::::::*
	cpe:2.3:a:emc:documentum_d2:4.1:::::::*
	cpe:2.3:a:emc:documentum_d2:4.2:::::::*

Information

Published : 2015-02-14 07:59

Updated : 2017-09-07 18:29

NVD link : CVE-2015-0518

Mitre link : CVE-2015-0518

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

emc

documentum_d2

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html", "name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities", "tags": ["Broken Link"], "refsource": "BUGTRAQ"}, {"url": "http://www.securitytracker.com/id/1031693", "name": "1031693", "tags": ["VDB Entry", "Third Party Advisory"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/72502", "name": "72502", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875", "name": "emc-documentum-cve20150518-priv-esc(100875)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-0518", "ASSIGNER": "secure@dell.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-02-14T15:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-09-08T01:29Z"}