Detections
Analytics
EMC Documentum Content Server Insecure Direct Object Reference (ESA-2014-156)
high Nessus Plugin ID 79720
Language:
Synopsis
The remote host is affected by an insecure direct object reference vulnerability.Description
The remote host is running a version of EMC Documentum Content Server that is affected by an insecure direct object reference vulnerability, which allows a remote, authenticated attacker to potentially read or delete arbitrary files without authorization.Solution
Apply the relevant patch referenced in the vendor advisory.See Also
https://seclists.org/bugtraq/2014/Dec/att-14/ESA-2014-156.txt
Plugin Details
Severity: High
ID: 79720
File Name: emc_documentum_content_server_ESA-2014-156.nasl
Version: 1.3
Type: local
Agent: windows
Family: Windows
Published: 12/4/2014
Updated: 11/25/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2014-4629
Vulnerability Information
CPE: cpe:/a:emc:documentum_content_server
Required KB Items: installed_sw/EMC Documentum Content Server
Exploit Ease: No known exploits are available
Patch Publication Date: 12/2/2014
Vulnerability Publication Date: 12/2/2014
Reference Information
CVE: CVE-2014-4629
BID: 71422