EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities (ESA-2014-091)

high Nessus Plugin ID 77864

Synopsis

The remote host is affected by multiple privilege escalation vulnerabilities.

Description

The remote host is running a version of EMC Documentum Content Server that is affected by multiple vulnerabilities:

- A privilege escalation vulnerability exists due to improper handling of system objects that allows a user to escalate their privileges to super-user status. (CVE-2014-4621)

- A privilege escalation vulnerability exists due to improper handling of subgroups in the 'dm_superusers' group and other privileged groups. A user with sysadmin privileges can escalate their privileges to super-user status. (CVE-2014-4622)

Solution

Apply the relevant patch referenced in the vendor advisory.

See Also

https://seclists.org/bugtraq/2014/Sep/att-92/ESA-2014-091.txt

Plugin Details

Severity: High

ID: 77864

File Name: emc_documentum_content_server_ESA-2014-091.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 9/25/2014

Updated: 11/25/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:emc:documentum_content_server

Required KB Items: installed_sw/EMC Documentum Content Server

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/16/2014

Vulnerability Publication Date: 9/16/2014

Reference Information

CVE: CVE-2014-4621, CVE-2014-4622

BID: 69817, 69819