Vulnerability CVE-2014-2520


Published: 2014-08-20

Description:
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.

See advisories in our WLB2 database:
Topic
Author
Date
High
EMC Documentum Code Execution / DQL Injection
EMC
20.08.2014

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.3/10
6.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
EMC -> Documentum content server 

 References:
http://www.securityfocus.com/archive/1/533162/30/0/threaded
http://www.securityfocus.com/bid/69274
http://www.securitytracker.com/id/1030743
http://xforce.iss.net/xforce/xfdb/95369

Copyright 2024, cxsecurity.com

 

Back to Top