Detections
Analytics
EMC Documentum Content Server Information Disclosure (ESA-2014-026)
medium Nessus Plugin ID 77632
Language:
Synopsis
The remote host is affected by a privilege escalation vulnerability.Description
The remote host is running a version of EMC Documentum Content Server that is affected by an information disclosure vulnerability due to improper authorization checks. A remote, authenticated user can exploit this vulnerability to read metadata from folders outside of restricted folders configured for Content Server users.Solution
Apply the relevant patch referenced in the vendor advisory.See Also
https://seclists.org/bugtraq/2014/Apr/att-71/ESA-2014-026.txt
Plugin Details
Severity: Medium
ID: 77632
File Name: emc_documentum_content_server_ESA-2014-026.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 9/11/2014
Updated: 11/25/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS Score Source: CVE-2014-0642
Vulnerability Information
CPE: cpe:/a:emc:documentum_content_server
Required KB Items: installed_sw/EMC Documentum Content Server
Exploit Ease: No known exploits are available
Patch Publication Date: 4/15/2014
Vulnerability Publication Date: 4/15/2014
Reference Information
CVE: CVE-2014-0642
BID: 66796