CVE-2014-0642 - Vulnerability Details

Vendors	Products
Emc	Documentum Content Server

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html
http://twitter.com/artika4biz/statuses/455358950116823040

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-15T22:57:00", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"}, {"tags": ["x_refsource_MISC"], "url": "http://twitter.com/artika4biz/statuses/455358950116823040"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2014-0642", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"}, {"name": "http://twitter.com/artika4biz/statuses/455358950116823040", "refsource": "MISC", "url": "http://twitter.com/artika4biz/statuses/455358950116823040"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:20:20.042Z"}, "title": "CVE Program Container", "references": [{"name": "20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://twitter.com/artika4biz/statuses/455358950116823040"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2014-0642", "datePublished": "2014-04-15T23:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2024-08-06T09:20:20.042Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-04-11T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2014-04-15T22:57:00 (string)

orgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

shortName : dell (string)

}

references : [ »

0 : { »

name : 20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://twitter.com/artika4biz/statuses/455358950116823040 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security_alert@emc.com (string)

ID : CVE-2014-0642 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability (string)

refsource : BUGTRAQ (string)

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html (string)

}

1 : { »

name : http://twitter.com/artika4biz/statuses/455358950116823040 (string)

refsource : MISC (string)

url : http://twitter.com/artika4biz/statuses/455358950116823040 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T09:20:20.042Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://twitter.com/artika4biz/statuses/455358950116823040 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

assignerShortName : dell (string)

cveId : CVE-2014-0642 (string)

datePublished : 2014-04-15T23:00:00 (string)

dateReserved : 2014-01-02T00:00:00 (string)

dateUpdated : 2024-08-06T09:20:20.042Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356", "versionEndIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*", "matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors."}, {"lang": "es", "value": "EMC Documentum Content Server anterior a 6.7 SP1 P26, 6.7 SP2 anterior a P13, 7.0 anterior a P13 y 7.1 anterior a P02 permite a usuarios remotos autenticados evadir restricciones de acceso y leer metadatos de ciertos ficheros a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-0642", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-15T23:13:16.790", "references": [{"source": "security_alert@emc.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"}, {"source": "security_alert@emc.com", "url": "http://twitter.com/artika4biz/statuses/455358950116823040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twitter.com/artika4biz/statuses/455358950116823040"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 7B188672-1EC2-4338-A868-BD562962D356 (string)

versionEndIncluding : 6.7 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : FDBAEC8D-D945-48CA-84DD-EDBE8029F636 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 730510E9-1AE8-44BF-A1DE-5ED40F22D0B6 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:* (string)

matchCriteriaId : CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 3AC51C95-97DC-44B4-9935-9423CE60289A (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:* (string)

matchCriteriaId : 0ACB8EDE-C6AF-4B85-83ED-74097A206B49 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 25CD1EE0-4E72-4C42-857B-AA45F0A17BBB (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:* (string)

matchCriteriaId : 49659818-958F-4B5E-8DA4-B592C67DD13F (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:* (string)

matchCriteriaId : B4E00544-98F6-439C-8F4D-822FCAE775CA (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8335062A-5A8E-4076-B351-7DFA19CEC818 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : B283F797-6DAA-40E1-9FAB-16FCAA5241B4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : EMC Documentum Content Server anterior a 6.7 SP1 P26, 6.7 SP2 anterior a P13, 7.0 anterior a P13 y 7.1 anterior a P02 permite a usuarios remotos autenticados evadir restricciones de acceso y leer metadatos de ciertos ficheros a través de vectores no especificados. (string)

}

]

id : CVE-2014-0642 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-04-15T23:13:16.790 (string)

references : [ »

0 : { »

source : security_alert@emc.com (string)

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html (string)

}

1 : { »

source : security_alert@emc.com (string)

url : http://twitter.com/artika4biz/statuses/455358950116823040 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://twitter.com/artika4biz/statuses/455358950116823040 (string)

}

]

sourceIdentifier : security_alert@emc.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object