CVE-2015-4535

Severity

75%

Complexity

68%

Confidentiality

141%

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket.

Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:C).

Overview

Type

EMC Documentum Content Server

First reported 9 years ago

2015-08-20 10:59:00

Last updated 7 years ago

2017-09-21 01:29:00

Affected Software

EMC Documentum Content Server 6.7 Service Pack 1

6.7

EMC Documentum Content Server 6.7 Service Pack 2

6.7

EMC Documentum Content Server 7.0

7.0

EMC Documentum Content Server 7.1

7.1

EMC Documentum Content Server 7.2

7.2

References

20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities

76409

1033296

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.