Vulnerability Note VU#315340
EMC Documentum products contain multiple vulnerabilities
EMC Documentum products including Content Server, D2, and Web Development Kit (WDK) contain multiple vulnerabilities.
EMC Documentum Content Server, D2, and WDK contain numerous vulnerabilities of varying impact. For details, view our spreadsheet. For status from the vendor, please visit https://support.emc.com/docu38558 (requires EMC Online Support credentials). Search by CVE ID and/or ESA ID referenced in the spreadsheet.
The CVSS score below reflects use of backdoor credentials (see VU#184360, VU#695112, and VU#982432 in the spreadsheet).
The severity of impact varies. Specific examples include information disclosure, privilege escalation, authentication bypass, arbitrary code execution, shell command injection, and unauthorized access via backdoor credentials. Worst-case scenarios allow an attacker to take complete control of a vulnerable system.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|EMC Corporation||Affected||25 Apr 2014||16 Dec 2014|
CVSS Metrics (Learn More)
Thanks to Andrey B. Panfilov for reporting these vulnerabilities.
This document was written by Joel Land.
- CVE IDs: CVE-2014-2520 CVE-2014-2518 CVE-2014-4622 CVE-2014-2514 CVE-2014-2507 CVE-2014-2513 CVE-2014-4618 CVE-2014-4626 CVE-2014-2515 CVE-2014-2504 CVE-2014-4629
- Date Public: 15 Dec 2014
- Date First Published: 15 Dec 2014
- Date Last Updated: 06 Jan 2017
- Document Revision: 49
If you have feedback, comments, or additional information about this vulnerability, please send us email.