CVE-2015-0550

Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors.

CVSS v2.0 8.5 HIGH

8.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:P

Exploitability : 10.0 / Impact : 7.8

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://seclists.org/bugtraq/2015/Jun/114
http://www.securitytracker.com/id/1032694

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:documentum_thumbnail_server:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_thumbnail_server:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_thumbnail_server:7.0:::::::*
	cpe:2.3:a:emc:documentum_thumbnail_server:7.1:::::::*
	cpe:2.3:a:emc:documentum_thumbnail_server:7.2:::::::*

History

No history.

Information

Published : 2015-06-28 19:59

Updated : 2024-02-28 15:21

NVD link : CVE-2015-0550

Mitre link : CVE-2015-0550

CVE.ORG link : CVE-2015-0550

JSON object : View

Products Affected

emc

documentum_thumbnail_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2015-0550", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-28T19:59:02.303", "references": [{"url": "http://seclists.org/bugtraq/2015/Jun/114", "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1032694", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en EMC Documentum Thumbnail Server 6.7SP1 anterior a P32, 6.7SP2 anterior a P25, 7.0 anterior a P19, 7.1 anterior a P16, y 7.2 anterior a P01 permite a atacantes remotos evadir las restricciones de acceso a Content Server a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-09-23T01:29:00.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_thumbnail_server:6.7:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02BF5940-1918-4FC2-A3F8-DBE6E5EE34B1"}, {"criteria": "cpe:2.3:a:emc:documentum_thumbnail_server:6.7:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C20C1E71-2E22-4881-A575-2009E5D67C8C"}, {"criteria": "cpe:2.3:a:emc:documentum_thumbnail_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DCF4A3D-E014-463E-A7C8-12449DDE118B"}, {"criteria": "cpe:2.3:a:emc:documentum_thumbnail_server:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D5ACA1E-E024-42F7-9A9E-7D3A3987A721"}, {"criteria": "cpe:2.3:a:emc:documentum_thumbnail_server:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84308541-5A37-4502-81ED-38E8C78EA731"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}