CVE-2015-0518

The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html	Broken Link
http://www.securityfocus.com/bid/72502	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031693	VDB Entry Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100875

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:documentum_d2:3.1:-::::::
	cpe:2.3:a:emc:documentum_d2:3.1:sp1::::::
	cpe:2.3:a:emc:documentum_d2:4.0:::::::*
	cpe:2.3:a:emc:documentum_d2:4.1:::::::*
	cpe:2.3:a:emc:documentum_d2:4.2:::::::*

History

No history.

Information

Published : 2015-02-14 15:59

Updated : 2024-02-04 18:35

NVD link : CVE-2015-0518

Mitre link : CVE-2015-0518

CVE.ORG link : CVE-2015-0518

JSON object : View

Products Affected

emc

documentum_d2

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2015-0518", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-02-14T15:59:01.407", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html", "tags": ["Broken Link"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/72502", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1031693", "tags": ["VDB Entry", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions."}, {"lang": "es", "value": "El servicio Properties en el componente del servicio web D2FS en EMC Documentum D2 3.1 hasta SP1, 4.0 y 4.1 anterior a 4.1 P22, y 4.2 anterior a P11 permite a usuarios remotos autenticados obtener privilegios de superusuario a trav\u00e9s de una llamada a un m\u00e9todo no especificado que modifica los permisos de grupos."}], "lastModified": "2017-09-08T01:29:44.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FE3ABC6-7F44-436A-B78A-C7FC6310C1FA"}, {"criteria": "cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEECDCAB-54A9-4A99-B77E-6DAD0513AA3E"}, {"criteria": "cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A265F6B-0975-4CA2-832D-AF0FA38B0077"}, {"criteria": "cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F39C8470-59DA-4759-A8B4-2DEE6DCAAE1A"}, {"criteria": "cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC69558D-8121-4CA9-BABB-9ACF77808706"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}