CVE-2015-4530

Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://seclists.org/bugtraq/2015/Aug/87
http://www.securityfocus.com/bid/76405

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:documentum_administrator::::::::
	cpe:2.3:a:emc:documentum_digital_asset_manager::sp6::::::*
	cpe:2.3:a:emc:documentum_taskspace::sp2::::::*
	cpe:2.3:a:emc:documentum_web_publisher::sp7::::::*
	cpe:2.3:a:emc:documentum_webtop::::::::

History

No history.

Information

Published : 2015-08-20 10:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-4530

Mitre link : CVE-2015-4530

CVE.ORG link : CVE-2015-4530

JSON object : View

Products Affected

emc

documentum_taskspace
documentum_digital_asset_manager
documentum_administrator
documentum_webtop
documentum_web_publisher

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2015-4530", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-08-20T10:59:11.887", "references": [{"url": "http://seclists.org/bugtraq/2015/Aug/87", "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/76405", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en EMC Documentum WebTop en versiones anteriores a 6.8P01, Documentum Administrator hasta la versi\u00f3n 7.2, Documentum Digital Assets Manager hasta la versi\u00f3n 6.5SP6, Documentum Web Publishers hasta la versi\u00f3n 6.5SP7 y Documentum Task Space hasta la versi\u00f3n 6.7SP2, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de la vulnerabilidad CVE-2014-2518."}], "lastModified": "2016-11-28T19:29:04.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_administrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0F3BD69-53DE-4F10-ABFA-33B423A74C9E", "versionEndIncluding": "7.2"}, {"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EB25D60-1424-422A-959C-9C1D670F6155", "versionEndIncluding": "6.5"}, {"criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492", "versionEndIncluding": "6.7"}, {"criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE6BEA80-2CBE-4A46-97D5-ABD5EF47207C", "versionEndIncluding": "6.5"}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D66CB470-DF43-4995-842D-AAB3B259976F", "versionEndIncluding": "6.8"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}