EMC Documentum D2 Privilege Escalation (ESA-2014-045)

High Nessus Plugin ID 74368


The remote host is affected by a privilege escalation vulnerability.


The remote host is running EMC Documentum D2. It is, therefore, affected by a privilege escalation vulnerability due to a flaw in the Documentum Query Language (DQL) engine. A remote, authenticated attacker can exploit this vulnerability to execute arbitrary DQL queries with superuser privileges.


Apply the relevant patch referenced in the vendor advisory.

See Also


Plugin Details

Severity: High

ID: 74368

File Name: emc_documentum_d2_ESA-2014-045.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Misc.

Published: 2014/06/06

Modified: 2014/09/03

Dependencies: 77303

Risk Information

Risk Factor: High


Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:emc:documentum_d2

Required KB Items: installed_sw/EMC Documentum D2

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/05/25

Vulnerability Publication Date: 2014/05/25

Reference Information

CVE: CVE-2014-2504

BID: 67595

OSVDB: 107337