VDB
CVE-2014-4626
CVE-2014-4626
PUBLISHED
CVSS 9 CRITICAL
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
EPSS 1.20% · 79.3th percentile
Risk Scores
CVSS 2.0
9
EPSS Score
1.20%
79.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| emc | documentum_content_server | 0, 6.7, 7.0 |
Exploit Intelligence
- VU#315340 (circl)
- VU#386056 (circl)
- VU#874632 (circl)
- https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing (circl)
Timeline
- Dec 17, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- VU#315340 third-party-advisory
- VU#386056 third-party-advisory
- VU#874632 third-party-advisory
- https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing url
- https://nvd.nist.gov/vuln/detail/CVE-2014-4626 advisory