Vulnerability Details : CVE-2015-0518
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.
Products affected by CVE-2015-0518
- cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0518
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0518
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
CWE ids for CVE-2015-0518
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0518
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100875
EMC Documentum D2 D2FS web service privilege escalation CVE-2015-0518 Vulnerability Report
-
http://www.securitytracker.com/id/1031693
EMC Documentum D2 Bugs Lets Remote Authenticated Users Obtain Sensitive Information and Gain Elevated Privileges - SecurityTrackerVDB Entry;Third Party Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html
Broken Link
-
http://www.securityfocus.com/bid/72502
EMC Documentum D2 CVE-2015-0518 Remote Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to