CVE-2014-2515

Published: Aug 20, 2014Modified: May 6, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Affected (5)

Products: Emc: Documentum D2

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Emc Documentum D2	Version 3.1
Emc Documentum D2	Version 3.1 sp1
Emc Documentum D2	Version 4.0
Emc Documentum D2	Version 4.1
Emc Documentum D2	Version 4.2

Related CWEs

References (10)

http://secunia.com/advisories/60565

Source: security_alert@emc.com

http://www.securityfocus.com/archive/1/533161/30/0/threaded

Source: security_alert@emc.com

http://www.securityfocus.com/bid/69275

Source: security_alert@emc.com

http://www.securitytracker.com/id/1030740

Source: security_alert@emc.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/95367

Source: security_alert@emc.com

http://secunia.com/advisories/60565

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/533161/30/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69275

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030740

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/95367

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.