Unrated severityNVD Advisory· Published Aug 20, 2014· Updated Jun 17, 2026
CVE-2014-2515
CVE-2014-2515
Description
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.
Affected products
6cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*
- (no CPE)range: 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, 4.2 before P05
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.