Skip to main content

Documentum Content Server CVE-2014-2521

MEDIUM
Information Exposure (CWE-200)
2014-08-20 security_alert@emc.com
6.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:N/AC:M/Au:S/C:C/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:C/I:N/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 20, 2014 - 11:17 cve.org
MEDIUM 6.3

DescriptionCVE.org

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.

AnalysisAI

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. Affected products include: Emc Documentum Content Server. Version information: before 6.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2017-15012 HIGH POC
8.8 Oct 13

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the i

CVE-2017-15013 HIGH POC
8.8 Oct 13

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design ga

CVE-2017-15276 HIGH POC
8.8 Oct 13

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design ga

CVE-2017-7221 HIGH POC
8.8 Apr 25

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote aut

CVE-2017-5585 HIGH POC
8.8 Feb 22

OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and re

CVE-2017-7220 HIGH POC
8.8 Apr 21

OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an

CVE-2023-31871 HIGH POC
7.8 May 18

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Doc

CVE-2015-4533 CRITICAL
9.0 Aug 20

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 d

CVE-2015-4534 CRITICAL
9.0 Aug 20

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 befo

CVE-2015-4532 CRITICAL
9.0 Aug 20

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 d

CVE-2014-4626 CRITICAL
9.0 Dec 17

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote a

CVE-2017-15014 MEDIUM POC
4.3 Oct 13

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design ga

Share

CVE-2014-2521 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy