CVE-2017-2766

{"id": "CVE-2017-2766", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-02-03T07:59:00.560", "references": [{"url": "http://www.securityfocus.com/archive/1/540077/30/0/threaded", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/95893", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system."}, {"lang": "es", "value": "EMC Documentum eRoom versi\u00f3n 7.4.4, EMC Documentum eRoom versi\u00f3n 7.4.4 SP1, EMC Documentum eRoom versi\u00f3n anterior a 7.4.5 P04, EMC Documentum eRoom versi\u00f3n anterior a 7.5.0 P01 incluye una vulnerabilidad no verificada de cambio de contrase\u00f1a que podr\u00eda ser explotada por usuarios malintencionados para comprometer el sistema afectado."}], "lastModified": "2017-03-09T18:40:53.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_eroom:7.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DD159D8-DCB0-4A27-BEFC-BFC626B2C200"}, {"criteria": "cpe:2.3:a:emc:documentum_eroom:7.4.4:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C44A1651-72B7-446A-98CA-18BD0E4E72D0"}, {"criteria": "cpe:2.3:a:emc:documentum_eroom:7.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76F12875-669C-43C7-9D00-164089E27D84"}, {"criteria": "cpe:2.3:a:emc:documentum_eroom:7.4.5:p01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ADC4B3E-A538-4A85-B084-AF4E47734C12"}, {"criteria": "cpe:2.3:a:emc:documentum_eroom:7.4.5:p02:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7E06195-1C7E-429E-8E39-CB2455741E2D"}, {"criteria": "cpe:2.3:a:emc:documentum_eroom:7.4.5:p03:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BED2FD3-0A0E-4C89-94BB-D02434499445"}, {"criteria": "cpe:2.3:a:emc:documentum_eroom:7.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DCE8AD3-12F1-4952-BAE7-98F0B667595F"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}