{"vuid":"VU#315340","idnumber":"315340","name":"EMC Documentum products contain multiple vulnerabilities","keywords":["emc","documentum","d2","wdk","web development kit","content server"],"overview":"EMC Documentum products including Content Server, D2, and Web Development Kit (WDK) contain multiple vulnerabilities.","clean_desc":"EMC Documentum Content Server, D2, and WDK contain numerous vulnerabilities of varying impact. For details, view our spreadsheet. For status from the vendor, please visit https://support.emc.com/docu38558 (requires EMC Online Support credentials). Search by CVE ID and/or ESA ID referenced in the spreadsheet. The CVSS score below reflects use of backdoor credentials (see VU#184360, VU#695112, and VU#982432 in the spreadsheet).","impact":"The severity of impact varies. Specific examples include information disclosure, privilege escalation, authentication bypass, arbitrary code execution, shell command injection, and unauthorized access via backdoor credentials. Worst-case scenarios allow an attacker to take complete control of a vulnerable system.","resolution":"Apply an update. EMC has released updates to address many of the issues in question. For information about specific updates, including discussion about their effectiveness, refer to the spreadsheet.","workarounds":"","sysaffected":"","thanks":"Thanks to Andrey B. Panfilov for reporting these vulnerabilities.","author":"This document was written by Joel Land.","public":["https://docs.google.com/spreadsheets/d/1DiiUPCPvmaliWcfwPSc36y2mDvuidkDKQBWqaIuJi0A/edit?usp=sharing","http://www.emc.com/domains/documentum/index.htm","https://support.emc.com/docu38558"],"cveids":["CVE-2014-2520","CVE-2014-2518","CVE-2014-4622","CVE-2014-2514","CVE-2014-2507","CVE-2014-2513","CVE-2014-4618","CVE-2014-4626","CVE-2014-2515","CVE-2014-2504","CVE-2014-4629"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-04-24T19:28:47Z","publicdate":"2014-12-15T00:00:00Z","datefirstpublished":"2014-12-15T19:18:26Z","dateupdated":"2017-01-06T15:45:37Z","revision":50,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"9","cvss_environmentalscore":"6.746283936","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}