PT-2014-3725 · Emc · Emc Documentum Taskspace

Published

2014-03-06

Updated

2014-03-07

CVE-2014-0629

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC Documentum TaskSpace (TSP) versions 6.7SP1 before P25 EMC Documentum TaskSpace (TSP) versions 6.7SP2 before P11

Description The issue arises from the incorrect handling of the interaction between the dm world group and the dm superusers dynamic group. This allows remote authenticated users to obtain sensitive information and gain privileges in certain circumstances by leveraging an incorrect group-addition implementation.

Recommendations For versions 6.7SP1 before P25, update to a version that includes the fixes provided in P25 or later. For versions 6.7SP2 before P11, update to a version that includes the fixes provided in P11 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-0629

Affected Products

Emc Documentum Taskspace

PT-2014-3725 · Emc · Emc Documentum Taskspace

CVE-2014-0629

Weakness Enumeration

Related Identifiers

Affected Products

References · 2