Vulnerabilites related to emc - documentum_capital_projects
Vulnerability from fkie_nvd
Published
2016-06-23 00:59
Modified
2024-11-21 02:42
Severity ?
Summary
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/bugtraq/2016/Jun/92 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1036153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2016/Jun/92 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036153 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_administrator | 7.2 | |
| emc | documentum_capital_projects | 1.9 | |
| emc | documentum_capital_projects | 1.10 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_webtop | 6.8 | |
| emc | documentum_webtop | 6.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AED45-805C-4AE2-A12C-11F8710A7F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2105B120-08F1-4493-8EDD-6DD8492A6D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "15EF2D73-E10A-469A-A8F4-9F4A2AE07C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A7E70A-8E7F-44F7-B6D2-4AE4B61D6D1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface."
},
{
"lang": "es",
"value": "EMC Documentum WebTop 6.8 en versiones anteriores a Patch 13 y 6.8.1 en versiones anteriores a Patch 02, Documentum Administrator 7.x en versiones anteriores a 7.2 Patch 13, Documentum Capital Projects 1.9 en versiones anteriores a Patch 23 y 1.10 en versiones anteriores a Patch 10 y Documentum TaskSpace 6.7 SP3 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y ejecutar comandos IAPI/IDQL arbitrarios a trav\u00e9s de la interfaz IAPI/IDQL."
}
],
"id": "CVE-2016-0914",
"lastModified": "2024-11-21T02:42:37.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-23T00:59:01.223",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036153"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-20 11:17
Modified
2024-11-21 02:06
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | digital_assets_manager | 6.5 | |
| emc | digital_assets_manager | 6.5 | |
| emc | digital_assets_manager | 6.5 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_capital_projects | 1.8 | |
| emc | documentum_capital_projects | 1.9 | |
| emc | documentum_records_manager | 6.7 | |
| emc | documentum_records_manager | 6.7 | |
| emc | documentum_records_manager | 6.7 | |
| emc | documentum_wdk | 6.7 | |
| emc | documentum_wdk | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | engineering_plant_facilities_management_solution_for_documentum | 1.7 | |
| emc | task_space | 6.7 | |
| emc | task_space | 6.7 | |
| emc | web_publishers | 6.5 | |
| emc | web_publishers | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:digital_assets_manager:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8B2F44-0C11-4C5F-A9BF-370B2200C02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:digital_assets_manager:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "1F9563AE-98CF-47FE-BD6F-DE6A16FCE9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:digital_assets_manager:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B3E8924B-2D5F-4C58-A52E-98D7EC559484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1008C754-6E61-438A-908E-A8B26E049707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA794FE-5435-4657-B064-C4431D22A575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AED45-805C-4AE2-A12C-11F8710A7F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A21F2EF8-62DD-4EB2-8395-16D243E83E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4C2C8EC9-1FC3-4527-A77C-279F718075EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42FD2B6A-3F23-415A-BF2B-32702EAD5BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3351A120-41F6-4C4C-94AD-4AF607D7837E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4B004E9E-0316-41C5-B299-E90C86CA6492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:engineering_plant_facilities_management_solution_for_documentum:1.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "09A02ABE-068E-4916-874A-56E8C7714E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:task_space:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6953B52A-612A-4C25-B3BA-B633C011BE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:task_space:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "73A6B036-80E3-4714-B9D4-CFA6E03A32B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:web_publishers:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "7543EDA8-0F65-4099-AB80-D98685B11F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:web_publishers:6.5:sp7:*:*:*:*:*:*",
"matchCriteriaId": "967D249D-CC16-4F33-B4C6-3F096C410D1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en EMC Documentum WDK anterior a 6.7SP1 P28 y 6.7SP2 anterior a P15 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios."
}
],
"id": "CVE-2014-2518",
"lastModified": "2024-11-21T02:06:27.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-20T11:17:13.907",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/60563"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/533159/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69277"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030742"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533159/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95365"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-06 15:55
Modified
2024-11-21 01:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1466E81F-81E5-4B66-A26D-F7E6B395BEE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3E66AD-4E04-43CF-BBF0-5EF937E0A6B2",
"versionEndIncluding": "1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33A27CD7-EC02-4857-B3F5-209618BFD4DC",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F0547A-FA35-4115-8AF6-1819EBA2A6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3351A120-41F6-4C4C-94AD-4AF607D7837E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "AD943366-FEAC-47EC-A7B4-055C016E6508",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1502E229-F43E-49C6-939C-7AA8AC109261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "19888BA7-79F3-4349-94C9-BADE36472A49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E963CDB8-7C8E-4011-BC8A-D3FB30EB4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1FAFF369-27B7-4AC3-B7EE-EEF3301A0F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "68E91401-70C8-4243-AAB6-1968566E5A92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A92A160F-7619-4C39-AB66-658EBC12EF36",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1008C754-6E61-438A-908E-A8B26E049707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C8313C21-9CB0-45B6-BB70-ACF81966EBDE",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp6:*:*:*:*:*:*",
"matchCriteriaId": "BD051A73-40A0-410E-9515-2E57DB56ABD1",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "37849165-C537-40E0-8311-EDC8F77301FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8DE1215F-FCFD-40E3-90D7-229F2295B521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4B60F98D-62BB-4745-8BEB-04608C4E3F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F7927999-12E9-4BF9-B2A6-51BA0A5D5E30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A2CCF762-2FBC-426C-A778-398550596A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "69CFEE7E-BDD1-4CB6-B115-DFF3A881B160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en EMC Documentum Webtop 6.7 SP2 anterior a P07, Documentum WDK 6.7 SP2 anterior a P07, Documentum TaskSpace anterior a 6.7 SP2 P07, Documentum Records Manager 6.7 SP2 anterior a P07, Documentum Web Publisher anterior a 6.5 SP7, Documentum Digital Asset Manager anterior a 6.5 SP6, Documentum Administrador anterior a 6.7 SP2 P07 y Documentum Capitales Proyects anterior a 1.8 P01 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro dise\u00f1ado en una URL."
}
],
"id": "CVE-2013-3281",
"lastModified": "2024-11-21T01:53:19.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-06T15:55:05.093",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-20 11:17
Modified
2024-11-21 02:06
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | digital_assets_manager | 6.5 | |
| emc | digital_assets_manager | 6.5 | |
| emc | digital_assets_manager | 6.5 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_capital_projects | 1.8 | |
| emc | documentum_capital_projects | 1.9 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | engineering_plant_facilities_management_solution_for_documentum | 1.7 | |
| emc | engineering_plant_facilities_management_solution_for_documentum | 1.7 | |
| emc | records_client | 6.7 | |
| emc | records_client | 6.7 | |
| emc | records_client | 6.7 | |
| emc | task_space | 6.7 | |
| emc | task_space | 6.7 | |
| emc | task_space | 6.7 | |
| emc | web_publishers | 6.5 | |
| emc | web_publishers | 6.5 | |
| emc | web_publishers | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:digital_assets_manager:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8B2F44-0C11-4C5F-A9BF-370B2200C02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:digital_assets_manager:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "1F9563AE-98CF-47FE-BD6F-DE6A16FCE9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:digital_assets_manager:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B3E8924B-2D5F-4C58-A52E-98D7EC559484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1008C754-6E61-438A-908E-A8B26E049707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA794FE-5435-4657-B064-C4431D22A575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AED45-805C-4AE2-A12C-11F8710A7F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:engineering_plant_facilities_management_solution_for_documentum:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2348B52A-CE72-46FC-BC2F-037109752D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:engineering_plant_facilities_management_solution_for_documentum:1.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "09A02ABE-068E-4916-874A-56E8C7714E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:records_client:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0CB76-D7A1-45D7-9A7C-3A5B078DEFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:records_client:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5B1686DE-27ED-429B-AB2C-EAFE3DABB2FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:records_client:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "045CADF0-2588-42B0-B8A9-9BA0D4213681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:task_space:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "96E9E86B-DFD4-429B-BF45-81D9DEA5638F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:task_space:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6953B52A-612A-4C25-B3BA-B633C011BE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:task_space:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "73A6B036-80E3-4714-B9D4-CFA6E03A32B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:web_publishers:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CDFCCE-AE01-4AE7-84CC-D8E2519C0B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:web_publishers:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "7543EDA8-0F65-4099-AB80-D98685B11F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:web_publishers:6.5:sp7:*:*:*:*:*:*",
"matchCriteriaId": "967D249D-CC16-4F33-B4C6-3F096C410D1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en EMC Documentum WebTop anterior a 6.7 SP1 P28 y 6.7 SP2 anterior a P14 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) startat o (2) entryId."
}
],
"id": "CVE-2014-2511",
"lastModified": "2024-11-21T02:06:26.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-20T11:17:13.780",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://secunia.com/advisories/60561"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/533160/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/69272"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030741"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533160/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95366"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 07:59
Modified
2024-11-21 02:58
Severity ?
Summary
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_administrator | 7.2 | |
| emc | documentum_capital_projects | 1.9 | |
| emc | documentum_capital_projects | 1.10 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_webtop | 6.8 | |
| emc | documentum_webtop | 6.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AED45-805C-4AE2-A12C-11F8710A7F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2105B120-08F1-4493-8EDD-6DD8492A6D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "15EF2D73-E10A-469A-A8F4-9F4A2AE07C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A7E70A-8E7F-44F7-B6D2-4AE4B61D6D1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
},
{
"lang": "es",
"value": "EMC Documentum WebTop Version 6.8 antes de P18 y Version 6.8.1 antes de P06 y EMC Documentum TaskSpace versi\u00f3n 6.7SP3 antes de P02 y EMC Documentum Capital Projects Version 1.9 antes de P30 y versi\u00f3n 1.10 antes de P17 y EMC Documentum Administrator versi\u00f3n 7.0, versi\u00f3n 7.1 y versi\u00f3n 7.2 antes de P18 contiene una vulnerabilidad Stored Cross-Site Scripting que podr\u00eda ser potencialmente explotable por usuarios maliciosos para comprometer el sistema afectado."
}
],
"id": "CVE-2016-8213",
"lastModified": "2024-11-21T02:58:59.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T07:59:00.440",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/95625"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1037626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037626"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2014-2518
Vulnerability from cvelistv5
Published
2014-08-20 10:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/60563 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/69277 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/533159/30/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95365 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1030742 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60563"
},
{
"name": "69277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69277"
},
{
"name": "20140818 ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533159/30/0/threaded"
},
{
"name": "emc-cve20142518-csrf(95365)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95365"
},
{
"name": "1030742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "60563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60563"
},
{
"name": "69277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69277"
},
{
"name": "20140818 ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533159/30/0/threaded"
},
{
"name": "emc-cve20142518-csrf(95365)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95365"
},
{
"name": "1030742",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60563"
},
{
"name": "69277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69277"
},
{
"name": "20140818 ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533159/30/0/threaded"
},
{
"name": "emc-cve20142518-csrf(95365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95365"
},
{
"name": "1030742",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2518",
"datePublished": "2014-08-20T10:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3281
Vulnerability from cvelistv5
Published
2013-11-06 11:00
Modified
2024-08-06 16:07
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/466876 | third-party-advisory, x_refsource_CERT-VN | |
| http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#466876",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-17T15:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "VU#466876",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-3281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#466876",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-3281",
"datePublished": "2013-11-06T11:00:00",
"dateReserved": "2013-04-26T00:00:00",
"dateUpdated": "2024-08-06T16:07:37.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2511
Vulnerability from cvelistv5
Published
2014-08-20 10:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/69272 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95366 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/533160/30/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/60561 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id/1030741 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69272"
},
{
"name": "emc-cve20142511-xss(95366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95366"
},
{
"name": "20140818 ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533160/30/0/threaded"
},
{
"name": "60561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60561"
},
{
"name": "1030741",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "69272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69272"
},
{
"name": "emc-cve20142511-xss(95366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95366"
},
{
"name": "20140818 ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533160/30/0/threaded"
},
{
"name": "60561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60561"
},
{
"name": "1030741",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69272"
},
{
"name": "emc-cve20142511-xss(95366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95366"
},
{
"name": "20140818 ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533160/30/0/threaded"
},
{
"name": "60561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60561"
},
{
"name": "1030741",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2511",
"datePublished": "2014-08-20T10:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0914
Vulnerability from cvelistv5
Published
2016-06-23 00:00
Modified
2024-08-05 22:38
Severity ?
EPSS score ?
Summary
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2016/Jun/92 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1036153 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160622 ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"name": "1036153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160622 ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"name": "1036153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160622 ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"name": "1036153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0914",
"datePublished": "2016-06-23T00:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8213
Vulnerability from cvelistv5
Published
2017-01-23 06:49
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/540019/30/0/threaded | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95625 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037626 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Documentum Webtop and Clients |
Version: EMC Documentum Webtop and Clients |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"name": "95625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95625"
},
{
"name": "1037626",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Documentum Webtop and Clients",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Documentum Webtop and Clients"
}
]
}
],
"datePublic": "2017-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"name": "95625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95625"
},
{
"name": "1037626",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-8213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Documentum Webtop and Clients",
"version": {
"version_data": [
{
"version_value": "EMC Documentum Webtop and Clients"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/archive/1/540019/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"name": "95625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95625"
},
{
"name": "1037626",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-8213",
"datePublished": "2017-01-23T06:49:00",
"dateReserved": "2016-09-13T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}