EMC Documentum D2 Privilege Escalation (ESA-2014-045)

Severity: High (Nessus Plugin ID 74368)

Synopsis

The remote host is affected by a privilege escalation vulnerability.

Description

The remote host is running EMC Documentum D2. It is, therefore, affected by a privilege escalation vulnerability due to a flaw in the Documentum Query Language (DQL) engine. A remote, authenticated attacker can exploit this vulnerability to execute arbitrary DQL queries with superuser privileges.

Solution

Apply the relevant patch referenced in the vendor advisory.

See Also

https://seclists.org/bugtraq/2014/May/att-129/ESA-2014-045.txt

Plugin Details

Severity: High

ID: 74368

File Name: emc_documentum_d2_ESA-2014-045.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 6/6/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:emc:documentum_d2

Required KB Items: installed_sw/EMC Documentum D2

Exploit Ease: No known exploits are available

Patch Publication Date: 5/25/2014

Vulnerability Publication Date: 5/25/2014

Reference Information

CVE: CVE-2014-2504

BID: 67595