CVE-2011-2739

The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.

CVSS v2.0 8.5 HIGH

8.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securityreason.com/securityalert/8528
http://www.securityfocus.com/archive/1/520372

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:documentum_eroom:7.3.0:::::::*
	cpe:2.3:a:emc:documentum_eroom:7.4.1:::::::*
	cpe:2.3:a:emc:documentum_eroom:7.4.2:::::::*
	cpe:2.3:a:emc:documentum_eroom:7.4.3:::::::*

History

No history.

Information

Published : 2011-11-09 23:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-2739

Mitre link : CVE-2011-2739

CVE.ORG link : CVE-2011-2739

JSON object : View

Products Affected

emc

documentum_eroom

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2011-2739", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-11-09T23:55:01.507", "references": [{"url": "http://securityreason.com/securityalert/8528", "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/archive/1/520372", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file."}, {"lang": "es", "value": "La funcionalidad file-blocking en EMC Documentum eRoom v7.3.x y v7.4.x antes de v7.4.3.g no restringe adecuadamente la subida y apertura de archivos peligrosos, lo que permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n mediante la subida de un archivo."}], "lastModified": "2012-02-14T04:07:47.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_eroom:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DED9961A-3C29-48C5-8F3B-3D8A1E1F98DD"}, {"criteria": "cpe:2.3:a:emc:documentum_eroom:7.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAC26B9F-C61A-48C2-89CD-33A0569536BA"}, {"criteria": "cpe:2.3:a:emc:documentum_eroom:7.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34579A31-D4C9-4658-ACC4-78588C69F564"}, {"criteria": "cpe:2.3:a:emc:documentum_eroom:7.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A21269F-F54F-426A-A860-2683FE7ADE0E"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}