CVE-2014-4626

Name of the Vulnerable Software and Affected Versions EMC Documentum Content Server versions prior to 6.7 SP1 P29 EMC Documentum Content Server versions 6.7 SP2 prior to P18 EMC Documentum Content Server versions 7.0 prior to P16 EMC Documentum Content Server versions 7.1 prior to P09

Description The issue allows remote authenticated users to gain privileges. This can be achieved by placing a command in a dm job object and setting its owner to a privileged user. Alternatively, it can be done by placing a rename action in a dm job request object and waiting for a dm UserRename or dm GroupRename service task. The issue exists due to an incomplete fix for a previous problem.

Recommendations For versions prior to 6.7 SP1 P29, update to 6.7 SP1 P29 or later. For versions 6.7 SP2 prior to P18, update to 6.7 SP2 P18 or later. For versions 7.0 prior to P16, update to 7.0 P16 or later. For versions 7.1 prior to P09, update to 7.1 P09 or later.