fkie_nvd - fkie_cve-2014-2508

fkie_cve-2014-2508

Vulnerability from fkie_nvd

Published

2014-06-08 04:31

Modified

2024-11-21 02:06

Severity ?

Summary

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.

References

▼	URL	Tags
	security_alert@emc.com	http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html
	security_alert@emc.com	http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html
	security_alert@emc.com	http://secunia.com/advisories/58954
	security_alert@emc.com	http://www.securityfocus.com/archive/1/532596/100/0/threaded
	security_alert@emc.com	http://www.securityfocus.com/bid/67918
	security_alert@emc.com	http://www.securitytracker.com/id/1030339
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html
	af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58954
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/532596/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/67918
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030339

Impacted products

Vendor	Product	Version
emc	documentum_content_server	*
emc	documentum_content_server	6.0
emc	documentum_content_server	6.5
emc	documentum_content_server	6.5
emc	documentum_content_server	6.5
emc	documentum_content_server	6.5
emc	documentum_content_server	6.6
emc	documentum_content_server	6.7
emc	documentum_content_server	6.7
emc	documentum_content_server	7.0
emc	documentum_content_server	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7B188672-1EC2-4338-A868-BD562962D356",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBAEC8D-D945-48CA-84DD-EDBE8029F636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "730510E9-1AE8-44BF-A1DE-5ED40F22D0B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "CC8840D2-5DE8-4EB6-A03F-BFF1C8A9BF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3AC51C95-97DC-44B4-9935-9423CE60289A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0ACB8EDE-C6AF-4B85-83ED-74097A206B49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "25CD1EE0-4E72-4C42-857B-AA45F0A17BBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "49659818-958F-4B5E-8DA4-B592C67DD13F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B4E00544-98F6-439C-8F4D-822FCAE775CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8335062A-5A8E-4076-B351-7DFA19CEC818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B283F797-6DAA-40E1-9FAB-16FCAA5241B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints."
    },
    {
      "lang": "es",
      "value": "EMC Documentum Content Server anterior a 6.7 SP1 P28, 6.7 SP2 anterior a P14, 7.0 anterior a P15 y 7.1 anterior a P05 permite a usuarios remotos autenticados realizar ataques de inyecci\u00f3n DQL (Documentum Query Language) y evadir las restricciones de acciones de base de datos a trav\u00e9s de vectores que implican hints DQL."
    }
  ],
  "id": "CVE-2014-2508",
  "lastModified": "2024-11-21T02:06:26.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 8.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-08T04:31:53.487",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://secunia.com/advisories/58954"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/67918"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1030339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/532596/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030339"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-2508

Vulnerability from cvelistv5

Published

2014-06-08 01:00

Modified

2024-08-06 10:14