CVE-2015-4524 - OpenCVE

Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Documentum Administrator Documentum Digital Asset Manager Documentum Taskspace Documentum Web Publisher Documentum Webtop

Configuration 1 [-]

OR	cpe:2.3:a:emc:documentum_administrator:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_administrator:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_administrator:7.0:::::::*
	cpe:2.3:a:emc:documentum_administrator:7.1:::::::*
	cpe:2.3:a:emc:documentum_administrator:7.2:::::::*
	cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6::::::
	cpe:2.3:a:emc:documentum_taskspace:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_taskspace:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7::::::
	cpe:2.3:a:emc:documentum_webtop:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_webtop:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_webtop:6.8:::::::*

No data.

References

Link	Providers
http://seclists.org/bugtraq/2015/Jul/9
http://www.securitytracker.com/id/1032770

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2015-07-04T14:00:00

Updated: 2024-08-06T06:18:11.790Z

Reserved: 2015-06-11T00:00:00

Link: CVE-2015-4524

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-07-04T14:59:01.917

Modified: 2016-12-28T16:47:51.593

Link: CVE-2015-4524

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-01T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-23T18:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "1032770", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032770"}, {"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2015/Jul/9"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2015-4524", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1032770", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032770"}, {"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2015/Jul/9"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:18:11.790Z"}, "title": "CVE Program Container", "references": [{"name": "1032770", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032770"}, {"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2015/Jul/9"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2015-4524", "datePublished": "2015-07-04T14:00:00", "dateReserved": "2015-06-11T00:00:00", "dateUpdated": "2024-08-06T06:18:11.790Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*", "matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*", "matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."}, {"lang": "es", "value": "Vulnerabilidad de la subida de ficheros sin restricciones en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante la subida de un fichero al backend Content Server."}], "id": "CVE-2015-4524", "lastModified": "2016-12-28T16:47:51.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-04T14:59:01.917", "references": [{"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/bugtraq/2015/Jul/9"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032770"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}