CVE-2014-0629 - Vulnerability Details - OpenCVE

EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Documentum Taskspace

Configuration 1 [-]

OR	cpe:2.3:a:emc:documentum_taskspace:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_taskspace:6.7:sp2::::::

No data.

References

Link	Providers
http://seclists.org/bugtraq/2014/Mar/33

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2014-03-06T11:00:00

Updated: 2024-08-06T09:20:19.739Z

Reserved: 2014-01-02T00:00:00

Link: CVE-2014-0629

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-03-06T11:55:05.193

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-0629

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-06T09:57:00", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2014/Mar/33"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2014-0629", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2014/Mar/33"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:20:19.739Z"}, "title": "CVE Program Container", "references": [{"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2014/Mar/33"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2014-0629", "datePublished": "2014-03-06T11:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2024-08-06T09:20:19.739Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation."}, {"lang": "es", "value": "EMC Documentum TaskSpace (TSP) 6.7SP1 anterior a P25 y 6.7SP2 anterior a P11 no maneja debidamente la interacci\u00f3n entre el grupo dm_world y el grupo dm_superusers_dynamic, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible y ganar privilegios en circunstancias oportunistas mediante el aprovechamiento de una implementaci\u00f3n group-addition incorrecta."}], "id": "CVE-2014-0629", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-06T11:55:05.193", "references": [{"source": "security_alert@emc.com", "url": "http://seclists.org/bugtraq/2014/Mar/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/bugtraq/2014/Mar/33"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}