8.5

CVE-2014-2515

EPSS 1.02%
Veröffentlicht 20.08.2014 11:17:13
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emc ≫ Documentum D2 Version3.1 Update-

Emc ≫ Documentum D2 Version3.1 Updatesp1

Emc ≫ Documentum D2 Version4.0

Emc ≫ Documentum D2 Version4.1

Emc ≫ Documentum D2 Version4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.02%	0.752

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

http://secunia.com/advisories/60565

http://www.securityfocus.com/archive/1/533161/30/0/threaded

http://www.securityfocus.com/bid/69275

http://www.securitytracker.com/id/1030740

https://exchange.xforce.ibmcloud.com/vulnerabilities/95367

https://nvd.nist.gov/vuln/detail/CVE-2014-2515

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2515

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2515

EUVD