cve-2014-2508
Vulnerability from cvelistv5
Published
2014-06-08 01:00
Modified
2024-08-06 10:14
Severity ?
Summary
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.
References
security_alert@emc.comhttp://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html
security_alert@emc.comhttp://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html
security_alert@emc.comhttp://secunia.com/advisories/58954
security_alert@emc.comhttp://www.securityfocus.com/archive/1/532596/100/0/threaded
security_alert@emc.comhttp://www.securityfocus.com/bid/67918
security_alert@emc.comhttp://www.securitytracker.com/id/1030339
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58954
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/532596/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67918
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030339
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:26.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "67918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67918"
          },
          {
            "name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
          },
          {
            "name": "1030339",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030339"
          },
          {
            "name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
          },
          {
            "name": "58954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58954"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "67918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67918"
        },
        {
          "name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
        },
        {
          "name": "1030339",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030339"
        },
        {
          "name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
        },
        {
          "name": "58954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58954"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2014-2508",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "67918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67918"
            },
            {
              "name": "20140605 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
            },
            {
              "name": "1030339",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030339"
            },
            {
              "name": "20140630 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
            },
            {
              "name": "58954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58954"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2014-2508",
    "datePublished": "2014-06-08T01:00:00",
    "dateReserved": "2014-03-14T00:00:00",
    "dateUpdated": "2024-08-06T10:14:26.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2508\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2014-06-08T04:31:53.487\",\"lastModified\":\"2024-11-21T02:06:26.357\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.\"},{\"lang\":\"es\",\"value\":\"EMC Documentum Content Server anterior a 6.7 SP1 P28, 6.7 SP2 anterior a P14, 7.0 anterior a P15 y 7.1 anterior a P05 permite a usuarios remotos autenticados realizar ataques de inyecci\u00f3n DQL (Documentum Query Language) y evadir las restricciones de acciones de base de datos a trav\u00e9s de vectores que implican hints DQL.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:C/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.8,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.7\",\"matchCriteriaId\":\"7B188672-1EC2-4338-A868-BD562962D356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDBAEC8D-D945-48CA-84DD-EDBE8029F636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"730510E9-1AE8-44BF-A1DE-5ED40F22D0B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AC51C95-97DC-44B4-9935-9423CE60289A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ACB8EDE-C6AF-4B85-83ED-74097A206B49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25CD1EE0-4E72-4C42-857B-AA45F0A17BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"49659818-958F-4B5E-8DA4-B592C67DD13F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4E00544-98F6-439C-8F4D-822FCAE775CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8335062A-5A8E-4076-B351-7DFA19CEC818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B283F797-6DAA-40E1-9FAB-16FCAA5241B4\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://secunia.com/advisories/58954\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/532596/100/0/threaded\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/bid/67918\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securitytracker.com/id/1030339\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/58954\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/532596/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/67918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030339\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.