Vulnerabilites related to emc - documentum_digital_asset_manager
cve-2014-2503
Vulnerability from cvelistv5
Published
2014-06-06 00:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1030348 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/67868 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
},
{
"name": "1030348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030348"
},
{
"name": "67868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67868"
},
{
"name": "20140604 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-16T13:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
},
{
"name": "1030348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030348"
},
{
"name": "67868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67868"
},
{
"name": "20140604 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-2503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
},
{
"name": "1030348",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030348"
},
{
"name": "67868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67868"
},
{
"name": "20140604 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-2503",
"datePublished": "2014-06-06T00:00:00",
"dateReserved": "2014-03-14T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4530
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/76405 | vdb-entry, x_refsource_BID | |
| http://seclists.org/bugtraq/2015/Aug/87 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76405"
},
{
"name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/87"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "76405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76405"
},
{
"name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/87"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76405"
},
{
"name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/87"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4530",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3281
Vulnerability from cvelistv5
Published
2013-11-06 11:00
Modified
2024-08-06 16:07
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/466876 | third-party-advisory, x_refsource_CERT-VN | |
| http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#466876",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-17T15:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "VU#466876",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-3281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#466876",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-3281",
"datePublished": "2013-11-06T11:00:00",
"dateReserved": "2013-04-26T00:00:00",
"dateUpdated": "2024-08-06T16:07:37.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0551
Vulnerability from cvelistv5
Published
2015-07-04 14:00
Modified
2024-08-06 04:10
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032770 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Jul/9 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:10.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0551",
"datePublished": "2015-07-04T14:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:10.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4524
Vulnerability from cvelistv5
Published
2015-07-04 14:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032770 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Jul/9 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4524",
"datePublished": "2015-07-04T14:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4529
Vulnerability from cvelistv5
Published
2015-07-16 21:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2015/Jul/81 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1032965 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/75930 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"name": "1032965",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032965"
},
{
"name": "75930",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75930"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"name": "1032965",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032965"
},
{
"name": "75930",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75930"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"name": "1032965",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032965"
},
{
"name": "75930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75930"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4529",
"datePublished": "2015-07-16T21:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-06-06 00:55
Modified
2024-11-21 02:06
Severity ?
Summary
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_digital_asset_manager | 6.5 | |
| emc | documentum_digital_asset_manager | 6.5 | |
| emc | documentum_digital_asset_manager | 6.5 | |
| emc | documentum_digital_asset_manager | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1FAFF369-27B7-4AC3-B7EE-EEF3301A0F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "68E91401-70C8-4243-AAB6-1968566E5A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "26B23E41-DD76-41EB-9BBA-F47F54B1AA96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string."
},
{
"lang": "es",
"value": "El servidor proxy en miniatura en EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5 y 6.5 SP6 anterior a P13 permite a atacantes remotos realizar ataques de inyecci\u00f3n Documentum Query Language (DQL) y evadir restricciones en objetos de consulta a trav\u00e9s de un par\u00e1metro manipulado en una cadena de consulta."
}
],
"id": "CVE-2014-2503",
"lastModified": "2024-11-21T02:06:25.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-06T00:55:04.103",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
},
{
"source": "security_alert@emc.com",
"url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/67868"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1030348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030348"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:31
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | * | |
| emc | documentum_digital_asset_manager | * | |
| emc | documentum_taskspace | * | |
| emc | documentum_web_publisher | * | |
| emc | documentum_webtop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F3BD69-53DE-4F10-ABFA-33B423A74C9E",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp6:*:*:*:*:*:*",
"matchCriteriaId": "2EB25D60-1424-422A-959C-9C1D670F6155",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp7:*:*:*:*:*:*",
"matchCriteriaId": "EE6BEA80-2CBE-4A46-97D5-ABD5EF47207C",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D66CB470-DF43-4995-842D-AAB3B259976F",
"versionEndIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en EMC Documentum WebTop en versiones anteriores a 6.8P01, Documentum Administrator hasta la versi\u00f3n 7.2, Documentum Digital Assets Manager hasta la versi\u00f3n 6.5SP6, Documentum Web Publishers hasta la versi\u00f3n 6.5SP7 y Documentum Task Space hasta la versi\u00f3n 6.7SP2, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de la vulnerabilidad CVE-2014-2518."
}
],
"id": "CVE-2015-4530",
"lastModified": "2024-11-21T02:31:16.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-08-20T10:59:11.887",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/87"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/76405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76405"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-06 15:55
Modified
2024-11-21 01:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1466E81F-81E5-4B66-A26D-F7E6B395BEE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3E66AD-4E04-43CF-BBF0-5EF937E0A6B2",
"versionEndIncluding": "1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33A27CD7-EC02-4857-B3F5-209618BFD4DC",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F0547A-FA35-4115-8AF6-1819EBA2A6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3351A120-41F6-4C4C-94AD-4AF607D7837E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "AD943366-FEAC-47EC-A7B4-055C016E6508",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1502E229-F43E-49C6-939C-7AA8AC109261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "19888BA7-79F3-4349-94C9-BADE36472A49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E963CDB8-7C8E-4011-BC8A-D3FB30EB4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1FAFF369-27B7-4AC3-B7EE-EEF3301A0F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "68E91401-70C8-4243-AAB6-1968566E5A92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A92A160F-7619-4C39-AB66-658EBC12EF36",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1008C754-6E61-438A-908E-A8B26E049707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C8313C21-9CB0-45B6-BB70-ACF81966EBDE",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp6:*:*:*:*:*:*",
"matchCriteriaId": "BD051A73-40A0-410E-9515-2E57DB56ABD1",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "37849165-C537-40E0-8311-EDC8F77301FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8DE1215F-FCFD-40E3-90D7-229F2295B521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4B60F98D-62BB-4745-8BEB-04608C4E3F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F7927999-12E9-4BF9-B2A6-51BA0A5D5E30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A2CCF762-2FBC-426C-A778-398550596A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "69CFEE7E-BDD1-4CB6-B115-DFF3A881B160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en EMC Documentum Webtop 6.7 SP2 anterior a P07, Documentum WDK 6.7 SP2 anterior a P07, Documentum TaskSpace anterior a 6.7 SP2 P07, Documentum Records Manager 6.7 SP2 anterior a P07, Documentum Web Publisher anterior a 6.5 SP7, Documentum Digital Asset Manager anterior a 6.5 SP6, Documentum Administrador anterior a 6.7 SP2 P07 y Documentum Capitales Proyects anterior a 1.8 P01 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro dise\u00f1ado en una URL."
}
],
"id": "CVE-2013-3281",
"lastModified": "2024-11-21T01:53:19.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-06T15:55:05.093",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-16 21:59
Modified
2024-11-21 02:31
Severity ?
Summary
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | * | |
| emc | documentum_digital_asset_manager | * | |
| emc | documentum_taskspace | * | |
| emc | documentum_web_publisher | * | |
| emc | documentum_webtop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F3BD69-53DE-4F10-ABFA-33B423A74C9E",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp6:*:*:*:*:*:*",
"matchCriteriaId": "2EB25D60-1424-422A-959C-9C1D670F6155",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp7:*:*:*:*:*:*",
"matchCriteriaId": "EE6BEA80-2CBE-4A46-97D5-ABD5EF47207C",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D66CB470-DF43-4995-842D-AAB3B259976F",
"versionEndIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en EMC Documentum WebTop anterior a 6.8P02, Documentum Administrator anterior a 7.2P01, Documentum Digital Assets Manager hasta 6.5SP6, Documentum Web Publishers hasta 6.5SP7 y Documentum Task Space hasta 6.7SP2, permite a atacantes remotos redirigir a usuarios hacia p\u00e1ginas web arbitrarias y llevar a cabo ataques de phishing por medio de una URL manipulada."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2015-4529",
"lastModified": "2024-11-21T02:31:16.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-16T21:59:03.497",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/75930"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1032965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032965"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-04 14:59
Modified
2024-11-21 02:23
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_administrator | 7.2 | |
| emc | documentum_digital_asset_manager | 6.5 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_web_publisher | 6.5 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*",
"matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0551",
"lastModified": "2024-11-21T02:23:17.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-04T14:59:00.090",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Jul/9"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1032770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Jul/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032770"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-04 14:59
Modified
2024-11-21 02:31
Severity ?
Summary
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/bugtraq/2015/Jul/9 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securitytracker.com/id/1032770 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2015/Jul/9 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032770 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_administrator | 7.2 | |
| emc | documentum_digital_asset_manager | 6.5 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_web_publisher | 6.5 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*",
"matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
},
{
"lang": "es",
"value": "Vulnerabilidad de la subida de ficheros sin restricciones en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante la subida de un fichero al backend Content Server."
}
],
"id": "CVE-2015-4524",
"lastModified": "2024-11-21T02:31:16.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-04T14:59:01.917",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032770"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}