9.8
CVE-2017-2766
- EPSS 0.79%
- Published 03.02.2017 07:59:00
- Last modified 20.04.2025 01:37:25
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Data is provided by the National Vulnerability Database (NVD)
Emc ≫ Documentum Eroom Version7.4.4
Emc ≫ Documentum Eroom Version7.4.4 Updatesp1
Emc ≫ Documentum Eroom Version7.4.5
Emc ≫ Documentum Eroom Version7.4.5 Updatep01
Emc ≫ Documentum Eroom Version7.4.5 Updatep02
Emc ≫ Documentum Eroom Version7.4.5 Updatep03
Emc ≫ Documentum Eroom Version7.5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.79% | 0.715 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.