CVE-2014-2507

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.

Published: Jun 8, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2507
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
emc / documentum_content_server	6.7	6.7.x
emc / documentum_content_server	6.7-sp2	6.7-sp2.x
emc / documentum_content_server	7.0	7.0.x
emc / documentum_content_server	-	6.7.x
emc / documentum_content_server	6.0	6.0.x
emc / documentum_content_server	6.5-sp2	6.5-sp2.x
emc / documentum_content_server	6.5	6.5.x
emc / documentum_content_server	6.6	6.6.x
emc / documentum_content_server	6.5-sp1	6.5-sp1.x
emc / documentum_content_server	7.1	7.1.x
emc / documentum_content_server	6.5-sp3	6.5-sp3.x

http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html
http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html
http://secunia.com/advisories/58954
http://www.securityfocus.com/archive/1/532596/100/0/threaded
http://www.securityfocus.com/bid/67916
http://www.securitytracker.com/id/1030339

Vulnerability Database

289,784

CVE-2014-2507