Vulnerabilites related to emc - documentum_taskspace
Vulnerability from fkie_nvd
Published
2013-05-10 11:42
Modified
2024-11-21 01:48
Severity ?
Summary
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_records_manager | 6.7 | |
| emc | documentum_records_manager | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_wdk | 6.7 | |
| emc | documentum_wdk | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A21F2EF8-62DD-4EB2-8395-16D243E83E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4C2C8EC9-1FC3-4527-A77C-279F718075EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1466E81F-81E5-4B66-A26D-F7E6B395BEE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F0547A-FA35-4115-8AF6-1819EBA2A6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3351A120-41F6-4C4C-94AD-4AF607D7837E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en EMC Documentum Webtop anterior a v6.7 SP2, Documentum WDK anterior a v6.7 SP2, Documentum Taskspace anterior a v6.7 SP2, y Documentum Records Manager anterior a v6.7 SP2 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-0937",
"lastModified": "2024-11-21T01:48:29.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-10T11:42:29.987",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-16 21:59
Modified
2024-11-21 02:31
Severity ?
Summary
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | * | |
| emc | documentum_digital_asset_manager | * | |
| emc | documentum_taskspace | * | |
| emc | documentum_web_publisher | * | |
| emc | documentum_webtop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F3BD69-53DE-4F10-ABFA-33B423A74C9E",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp6:*:*:*:*:*:*",
"matchCriteriaId": "2EB25D60-1424-422A-959C-9C1D670F6155",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp7:*:*:*:*:*:*",
"matchCriteriaId": "EE6BEA80-2CBE-4A46-97D5-ABD5EF47207C",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D66CB470-DF43-4995-842D-AAB3B259976F",
"versionEndIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en EMC Documentum WebTop anterior a 6.8P02, Documentum Administrator anterior a 7.2P01, Documentum Digital Assets Manager hasta 6.5SP6, Documentum Web Publishers hasta 6.5SP7 y Documentum Task Space hasta 6.7SP2, permite a atacantes remotos redirigir a usuarios hacia p\u00e1ginas web arbitrarias y llevar a cabo ataques de phishing por medio de una URL manipulada."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2015-4529",
"lastModified": "2024-11-21T02:31:16.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-16T21:59:03.497",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/75930"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1032965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032965"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 07:59
Modified
2024-11-21 02:58
Severity ?
Summary
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_administrator | 7.2 | |
| emc | documentum_capital_projects | 1.9 | |
| emc | documentum_capital_projects | 1.10 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_webtop | 6.8 | |
| emc | documentum_webtop | 6.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AED45-805C-4AE2-A12C-11F8710A7F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2105B120-08F1-4493-8EDD-6DD8492A6D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "15EF2D73-E10A-469A-A8F4-9F4A2AE07C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A7E70A-8E7F-44F7-B6D2-4AE4B61D6D1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
},
{
"lang": "es",
"value": "EMC Documentum WebTop Version 6.8 antes de P18 y Version 6.8.1 antes de P06 y EMC Documentum TaskSpace versi\u00f3n 6.7SP3 antes de P02 y EMC Documentum Capital Projects Version 1.9 antes de P30 y versi\u00f3n 1.10 antes de P17 y EMC Documentum Administrator versi\u00f3n 7.0, versi\u00f3n 7.1 y versi\u00f3n 7.2 antes de P18 contiene una vulnerabilidad Stored Cross-Site Scripting que podr\u00eda ser potencialmente explotable por usuarios maliciosos para comprometer el sistema afectado."
}
],
"id": "CVE-2016-8213",
"lastModified": "2024-11-21T02:58:59.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T07:59:00.440",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/95625"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1037626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037626"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-06 11:55
Modified
2024-11-21 02:02
Severity ?
Summary
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_taskspace | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation."
},
{
"lang": "es",
"value": "EMC Documentum TaskSpace (TSP) 6.7SP1 anterior a P25 y 6.7SP2 anterior a P11 no maneja debidamente la interacci\u00f3n entre el grupo dm_world y el grupo dm_superusers_dynamic, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible y ganar privilegios en circunstancias oportunistas mediante el aprovechamiento de una implementaci\u00f3n group-addition incorrecta."
}
],
"id": "CVE-2014-0629",
"lastModified": "2024-11-21T02:02:31.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-06T11:55:05.193",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2014/Mar/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/33"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-23 00:59
Modified
2024-11-21 02:42
Severity ?
Summary
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/bugtraq/2016/Jun/92 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1036153 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2016/Jun/92 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036153 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_administrator | 7.2 | |
| emc | documentum_capital_projects | 1.9 | |
| emc | documentum_capital_projects | 1.10 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_webtop | 6.8 | |
| emc | documentum_webtop | 6.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0AED45-805C-4AE2-A12C-11F8710A7F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2105B120-08F1-4493-8EDD-6DD8492A6D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "15EF2D73-E10A-469A-A8F4-9F4A2AE07C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A7E70A-8E7F-44F7-B6D2-4AE4B61D6D1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface."
},
{
"lang": "es",
"value": "EMC Documentum WebTop 6.8 en versiones anteriores a Patch 13 y 6.8.1 en versiones anteriores a Patch 02, Documentum Administrator 7.x en versiones anteriores a 7.2 Patch 13, Documentum Capital Projects 1.9 en versiones anteriores a Patch 23 y 1.10 en versiones anteriores a Patch 10 y Documentum TaskSpace 6.7 SP3 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y ejecutar comandos IAPI/IDQL arbitrarios a trav\u00e9s de la interfaz IAPI/IDQL."
}
],
"id": "CVE-2016-0914",
"lastModified": "2024-11-21T02:42:37.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-23T00:59:01.223",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036153"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-04 14:59
Modified
2024-11-21 02:31
Severity ?
Summary
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/bugtraq/2015/Jul/9 | Mailing List, Third Party Advisory | |
| security_alert@emc.com | http://www.securitytracker.com/id/1032770 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2015/Jul/9 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032770 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_administrator | 7.2 | |
| emc | documentum_digital_asset_manager | 6.5 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_web_publisher | 6.5 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*",
"matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
},
{
"lang": "es",
"value": "Vulnerabilidad de la subida de ficheros sin restricciones en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante la subida de un fichero al backend Content Server."
}
],
"id": "CVE-2015-4524",
"lastModified": "2024-11-21T02:31:16.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-04T14:59:01.917",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032770"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-04 14:59
Modified
2024-11-21 02:23
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 6.7 | |
| emc | documentum_administrator | 7.0 | |
| emc | documentum_administrator | 7.1 | |
| emc | documentum_administrator | 7.2 | |
| emc | documentum_digital_asset_manager | 6.5 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_web_publisher | 6.5 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*",
"matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0551",
"lastModified": "2024-11-21T02:23:17.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-04T14:59:00.090",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Jul/9"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1032770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Jul/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032770"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-10 11:42
Modified
2024-11-21 01:48
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_records_manager | 6.7 | |
| emc | documentum_records_manager | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_wdk | 6.7 | |
| emc | documentum_wdk | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A21F2EF8-62DD-4EB2-8395-16D243E83E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4C2C8EC9-1FC3-4527-A77C-279F718075EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1466E81F-81E5-4B66-A26D-F7E6B395BEE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F0547A-FA35-4115-8AF6-1819EBA2A6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3351A120-41F6-4C4C-94AD-4AF607D7837E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en EMC Documentum Webtop anterior a v6.7 SP2, Documentum WDK anterior a v6.7 SP2, Documentum Taskspace anterior a v6.7 SP2, y Documentum Records Manager anterior a v6.7 SP2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2013-0938",
"lastModified": "2024-11-21T01:48:29.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-05-10T11:42:30.003",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:31
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_administrator | * | |
| emc | documentum_digital_asset_manager | * | |
| emc | documentum_taskspace | * | |
| emc | documentum_web_publisher | * | |
| emc | documentum_webtop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F3BD69-53DE-4F10-ABFA-33B423A74C9E",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp6:*:*:*:*:*:*",
"matchCriteriaId": "2EB25D60-1424-422A-959C-9C1D670F6155",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp7:*:*:*:*:*:*",
"matchCriteriaId": "EE6BEA80-2CBE-4A46-97D5-ABD5EF47207C",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D66CB470-DF43-4995-842D-AAB3B259976F",
"versionEndIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en EMC Documentum WebTop en versiones anteriores a 6.8P01, Documentum Administrator hasta la versi\u00f3n 7.2, Documentum Digital Assets Manager hasta la versi\u00f3n 6.5SP6, Documentum Web Publishers hasta la versi\u00f3n 6.5SP7 y Documentum Task Space hasta la versi\u00f3n 6.7SP2, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de la vulnerabilidad CVE-2014-2518."
}
],
"id": "CVE-2015-4530",
"lastModified": "2024-11-21T02:31:16.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-08-20T10:59:11.887",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/87"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/76405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76405"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-10 11:42
Modified
2024-11-21 01:48
Severity ?
Summary
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_records_manager | 6.7 | |
| emc | documentum_records_manager | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_wdk | 6.7 | |
| emc | documentum_wdk | 6.7 | |
| emc | documentum_webtop | 6.7 | |
| emc | documentum_webtop | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A21F2EF8-62DD-4EB2-8395-16D243E83E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_records_manager:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4C2C8EC9-1FC3-4527-A77C-279F718075EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1466E81F-81E5-4B66-A26D-F7E6B395BEE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F0547A-FA35-4115-8AF6-1819EBA2A6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3351A120-41F6-4C4C-94AD-4AF607D7837E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a \"Cross Frame Scripting\" issue."
},
{
"lang": "es",
"value": "EMC Documentum Webtop anterior a v6.7 SP2, Documentum WDK anterior a v6.7 SP2, Documentum Taskspace anterior a v6.7 SP2, y Documentum Records Manager anterior a v6.7 SP2 permite a atacantes remotos obtener informaci\u00f3n sensible a traves de vectores que comprenden frames \"cross-origin\", relacionado con un problema \"Cross Frame Scripting\"."
}
],
"id": "CVE-2013-0939",
"lastModified": "2024-11-21T01:48:29.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-05-10T11:42:30.030",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-06 11:55
Modified
2024-11-21 02:02
Severity ?
Summary
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_taskspace | 6.7 | |
| emc | documentum_taskspace | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL."
},
{
"lang": "es",
"value": "EMC Documentum TaskSpace (TSP) 6.7SP1 anterior a P25 y 6.7SP2 anterior a P11 permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de una URL modificada de servicio de im\u00e1genes."
}
],
"id": "CVE-2014-0630",
"lastModified": "2024-11-21T02:02:31.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-06T11:55:05.223",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2014/Mar/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2014/Mar/33"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-06 15:55
Modified
2024-11-21 01:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1466E81F-81E5-4B66-A26D-F7E6B395BEE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_capital_projects:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3E66AD-4E04-43CF-BBF0-5EF937E0A6B2",
"versionEndIncluding": "1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33A27CD7-EC02-4857-B3F5-209618BFD4DC",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F0547A-FA35-4115-8AF6-1819EBA2A6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3351A120-41F6-4C4C-94AD-4AF607D7837E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "AD943366-FEAC-47EC-A7B4-055C016E6508",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1502E229-F43E-49C6-939C-7AA8AC109261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "19888BA7-79F3-4349-94C9-BADE36472A49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E963CDB8-7C8E-4011-BC8A-D3FB30EB4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1FAFF369-27B7-4AC3-B7EE-EEF3301A0F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "68E91401-70C8-4243-AAB6-1968566E5A92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A92A160F-7619-4C39-AB66-658EBC12EF36",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1008C754-6E61-438A-908E-A8B26E049707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C8313C21-9CB0-45B6-BB70-ACF81966EBDE",
"versionEndIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp6:*:*:*:*:*:*",
"matchCriteriaId": "BD051A73-40A0-410E-9515-2E57DB56ABD1",
"versionEndIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "37849165-C537-40E0-8311-EDC8F77301FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8DE1215F-FCFD-40E3-90D7-229F2295B521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4B60F98D-62BB-4745-8BEB-04608C4E3F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F7927999-12E9-4BF9-B2A6-51BA0A5D5E30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A2CCF762-2FBC-426C-A778-398550596A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "69CFEE7E-BDD1-4CB6-B115-DFF3A881B160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en EMC Documentum Webtop 6.7 SP2 anterior a P07, Documentum WDK 6.7 SP2 anterior a P07, Documentum TaskSpace anterior a 6.7 SP2 P07, Documentum Records Manager 6.7 SP2 anterior a P07, Documentum Web Publisher anterior a 6.5 SP7, Documentum Digital Asset Manager anterior a 6.5 SP6, Documentum Administrador anterior a 6.7 SP2 P07 y Documentum Capitales Proyects anterior a 1.8 P01 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro dise\u00f1ado en una URL."
}
],
"id": "CVE-2013-3281",
"lastModified": "2024-11-21T01:53:19.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-06T15:55:05.093",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-0937
Vulnerability from cvelistv5
Published
2013-05-10 10:00
Modified
2024-09-16 20:31
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:48.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-10T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-0937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-0937",
"datePublished": "2013-05-10T10:00:00Z",
"dateReserved": "2013-01-09T00:00:00Z",
"dateUpdated": "2024-09-16T20:31:22.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0551
Vulnerability from cvelistv5
Published
2015-07-04 14:00
Modified
2024-08-06 04:10
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032770 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Jul/9 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:10.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0551",
"datePublished": "2015-07-04T14:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:10.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3281
Vulnerability from cvelistv5
Published
2013-11-06 11:00
Modified
2024-08-06 16:07
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/466876 | third-party-advisory, x_refsource_CERT-VN | |
| http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#466876",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-17T15:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "VU#466876",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-3281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#466876",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/466876"
},
{
"name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-3281",
"datePublished": "2013-11-06T11:00:00",
"dateReserved": "2013-04-26T00:00:00",
"dateUpdated": "2024-08-06T16:07:37.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0914
Vulnerability from cvelistv5
Published
2016-06-23 00:00
Modified
2024-08-05 22:38
Severity ?
EPSS score ?
Summary
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2016/Jun/92 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1036153 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160622 ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"name": "1036153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160622 ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"name": "1036153",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160622 ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Jun/92"
},
{
"name": "1036153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0914",
"datePublished": "2016-06-23T00:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0939
Vulnerability from cvelistv5
Published
2013-05-10 10:00
Modified
2024-09-17 02:27
Severity ?
EPSS score ?
Summary
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:48.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a \"Cross Frame Scripting\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-10T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-0939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a \"Cross Frame Scripting\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-0939",
"datePublished": "2013-05-10T10:00:00Z",
"dateReserved": "2013-01-09T00:00:00Z",
"dateUpdated": "2024-09-17T02:27:10.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4530
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/76405 | vdb-entry, x_refsource_BID | |
| http://seclists.org/bugtraq/2015/Aug/87 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76405"
},
{
"name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/87"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "76405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76405"
},
{
"name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/87"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76405"
},
{
"name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/87"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4530",
"datePublished": "2015-08-20T10:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0938
Vulnerability from cvelistv5
Published
2013-05-10 10:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:41:48.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-10T10:00:00Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2013-0938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2013-0938",
"datePublished": "2013-05-10T10:00:00Z",
"dateReserved": "2013-01-09T00:00:00Z",
"dateUpdated": "2024-09-16T21:57:44.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0630
Vulnerability from cvelistv5
Published
2014-03-06 11:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2014/Mar/33 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T09:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0630",
"datePublished": "2014-03-06T11:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0629
Vulnerability from cvelistv5
Published
2014-03-06 11:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2014/Mar/33 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Mar/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-06T09:57:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Mar/33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2014-0629",
"datePublished": "2014-03-06T11:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8213
Vulnerability from cvelistv5
Published
2017-01-23 06:49
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/540019/30/0/threaded | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95625 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037626 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Documentum Webtop and Clients |
Version: EMC Documentum Webtop and Clients |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"name": "95625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95625"
},
{
"name": "1037626",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Documentum Webtop and Clients",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Documentum Webtop and Clients"
}
]
}
],
"datePublic": "2017-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"name": "95625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95625"
},
{
"name": "1037626",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-8213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Documentum Webtop and Clients",
"version": {
"version_data": [
{
"version_value": "EMC Documentum Webtop and Clients"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/archive/1/540019/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
},
{
"name": "95625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95625"
},
{
"name": "1037626",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-8213",
"datePublished": "2017-01-23T06:49:00",
"dateReserved": "2016-09-13T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4529
Vulnerability from cvelistv5
Published
2015-07-16 21:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2015/Jul/81 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1032965 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/75930 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"name": "1032965",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032965"
},
{
"name": "75930",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75930"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"name": "1032965",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032965"
},
{
"name": "75930",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75930"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/81"
},
{
"name": "1032965",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032965"
},
{
"name": "75930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75930"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4529",
"datePublished": "2015-07-16T21:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4524
Vulnerability from cvelistv5
Published
2015-07-04 14:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032770 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/bugtraq/2015/Jul/9 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032770"
},
{
"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4524",
"datePublished": "2015-07-04T14:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}