CVE-2015-4544 - Vulnerability Details - OpenCVE

EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Documentum Content Server

Configuration 1 [-]

OR	cpe:2.3:a:emc:documentum_content_server:7.1:::::::*
	cpe:2.3:a:emc:documentum_content_server:7.2:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html
http://seclists.org/bugtraq/2015/Sep/18

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2015-09-04T01:00:00

Updated: 2024-08-06T06:18:11.802Z

Reserved: 2015-06-11T00:00:00

Link: CVE-2015-4544

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-09-04T01:59:01.737

Modified: 2024-11-21T02:31:18.677

Link: CVE-2015-4544

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-03T00:00:00", "descriptions": [{"lang": "en", "value": "EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"}, {"name": "20150903 ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2015/Sep/18"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2015-4544", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"}, {"name": "20150903 ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2015/Sep/18"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:18:11.802Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"}, {"name": "20150903 ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2015/Sep/18"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2015-4544", "datePublished": "2015-09-04T01:00:00", "dateReserved": "2015-06-11T00:00:00", "dateUpdated": "2024-08-06T06:18:11.802Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "87453E34-AC8E-4C79-8486-B4888C621B1C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626."}, {"lang": "es", "value": "Vulnerabilidad en EMC Documentum Content Server en versiones anteriores a 7.1P20 y 7.2.x en versiones anteriores a 7.2P04, no verifica correctamente la autorizaci\u00f3n para el acceso de objeto dm_job, lo que permite a usuarios remotos autenticados obtener privilegios de superusuario a trav\u00e9s de operaciones de objeto manipulado. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-4626."}], "id": "CVE-2015-4544", "lastModified": "2024-11-21T02:31:18.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-04T01:59:01.737", "references": [{"source": "security_alert@emc.com", "url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"}, {"source": "security_alert@emc.com", "url": "http://seclists.org/bugtraq/2015/Sep/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/133441/EMC-Documentum-Content-Server-Privilege-Escalation.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/bugtraq/2015/Sep/18"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}