EMC Documentum D2 Privilege Escalation (ESA-2014-067)

High Nessus Plugin ID 77304


The remote host is affected by a privilege escalation vulnerability.


The remote host is running EMC Documentum D2. It is, therefore, affected by a privilege escalation vulnerability due to a flaw in the 'D2GetAdminTicketMethod' and 'D2RefreshCacheMethod' methods. A remote, authenticated attacker can exploit these methods to obtain superuser privileges.


Apply the relevant patch referenced in the vendor advisory.

See Also


Plugin Details

Severity: High

ID: 77304

File Name: emc_documentum_d2_ESA-2014-067.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Misc.

Published: 2014/08/21

Modified: 2015/02/18

Dependencies: 77303

Risk Information

Risk Factor: High


Base Score: 8.5

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:emc:documentum_d2

Required KB Items: installed_sw/EMC Documentum D2

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/08/20

Vulnerability Publication Date: 2014/08/20

Reference Information

CVE: CVE-2014-2515

BID: 69275

OSVDB: 110019