EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-064)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host is running a version of EMC Documentum Content Server
that is affected by multiple vulnerabilities :

- A remote code execution vulnerability exists due to
improper authorization checks. A remote, authenticated
attacker can exploit this vulnerability to execute
arbitrary code via a custom script.
(CVE-2014-2513)

- A remote code execution vulnerability exists due to
improper authorization checks. A remote, authenticated
attacker can exploit this vulnerability to execute
arbitrary code via save RPC commands.
(CVE-2014-2514)

See also :

http://seclists.org/bugtraq/2014/Jul/att-23/ESA-2014-064.txt

Solution :

Apply the relevant patch referenced in the vendor advisory.

Risk factor :

High / CVSS Base Score : 8.2
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:P)
CVSS Temporal Score : 7.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 77634 ()

Bugtraq ID: 68435
68436

CVE ID: CVE-2014-2513
CVE-2014-2514

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now