Search criteria
36 vulnerabilities found for documentum_d2 by emc
FKIE_CVE-2016-9872
Vulnerability from fkie_nvd - Published: 2017-02-03 07:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/archive/1/540060/30/0/threaded | Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/95824 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1037733 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/540060/30/0/threaded | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95824 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037733 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | 4.5 | |
| emc | documentum_d2 | 4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "74C159C3-E978-4DDD-BF04-7756F9080485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "38C9D700-A616-4A9F-B4CD-A76FFE472516",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system."
},
{
"lang": "es",
"value": "EMC Documentum D2 versi\u00f3n 4.5 y EMC Documentum D2 versi\u00f3n 4.6 han reflejado vulnerabilidades de XSS que potencialmente podr\u00edan ser explotadas por usuarios malintencionados para comprometer el sistema afectado."
}
],
"id": "CVE-2016-9872",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-03T07:59:00.500",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95824"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1037733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037733"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9873
Vulnerability from fkie_nvd - Published: 2017-02-03 07:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/archive/1/540060/30/0/threaded | Third Party Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/95828 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1037733 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/540060/30/0/threaded | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95828 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037733 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | 4.5 | |
| emc | documentum_d2 | 4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "74C159C3-E978-4DDD-BF04-7756F9080485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "38C9D700-A616-4A9F-B4CD-A76FFE472516",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application."
},
{
"lang": "es",
"value": "EMC Documentum D2 versi\u00f3n 4.5 y EMC Documentum D2 versi\u00f3n 4.6 tiene una Vulnerabilidad de Inyecci\u00f3n DQL que potencialmente podr\u00eda ser explotada por usuarios malintencionados para comprometer el sistema afectado. Un atacante autenticado con pocos privilegios podr\u00eda explotar potencialmente esta vulnerabilidad para acceder a informaci\u00f3n, modificar datos o interrumpir los servicios provocando la ejecuci\u00f3n de comandos DQL arbitrarios en la aplicaci\u00f3n."
}
],
"id": "CVE-2016-9873",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-03T07:59:00.530",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95828"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1037733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037733"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6644
Vulnerability from fkie_nvd - Published: 2016-09-17 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | * | |
| emc | documentum_d2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:*:p14:*:*:*:*:*:*",
"matchCriteriaId": "32E6A682-6FFE-4E3A-86A0-C3EC5442D0AB",
"versionEndIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:*:p2:*:*:*:*:*:*",
"matchCriteriaId": "A196B4AC-4BCF-4117-B0CD-64323931C8FD",
"versionEndIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value."
},
{
"lang": "es",
"value": "EMC Documentum D2 4.5 en versiones anteriores a patch 15 y 4.6 en versiones anteriores a patch 03 permite a atacantes remotos leer documentos Docbase arbitrarios aprovechando el conocimiento de un valor r_object_id."
}
],
"id": "CVE-2016-6644",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-17T21:59:01.543",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Sep/18"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/92906"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1036796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Sep/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036796"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0888
Vulnerability from fkie_nvd - Published: 2016-04-07 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/bugtraq/2016/Apr/20 | Third Party Advisory | |
| security_alert@emc.com | http://www.securitytracker.com/id/1035459 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2016/Apr/20 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035459 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5154B1-072C-4491-8AD9-1EADA747ABD7",
"versionEndIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors."
},
{
"lang": "es",
"value": "EMC Documentum D2 en versiones anteriores a 4.6 carece de ACLs destinadas a objetos de configuraci\u00f3n, lo que permite a usuarios remotos autenticados modificar objetos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-0888",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-07T10:59:00.117",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Apr/20"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Apr/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035459"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-4537
Vulnerability from fkie_nvd - Published: 2015-08-22 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFDBE2F-7E8A-4112-8A4B-AA43693EABE3",
"versionEndIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive."
},
{
"lang": "es",
"value": "Vulnerabilidad en Lockbox en EMC Documentum D2 anterior a 4.5, utiliza una frase de acceso embebida cuando a un servidor le falta el fichero D2.Lockbox, lo que hace que sea m\u00e1s f\u00e1cil para los usuarios remotos autenticados descifrar tickets de administraci\u00f3n mediante la localizaci\u00f3n de esta frase de acceso en un archivo D2 JAR descompilado."
}
],
"id": "CVE-2015-4537",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-22T18:59:02.280",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Aug/117"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1033345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Aug/117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033345"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0548
Vulnerability from fkie_nvd - Published: 2015-07-04 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | 4.1 | |
| emc | documentum_d2 | 4.2 | |
| emc | documentum_d2 | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F39C8470-59DA-4759-A8B4-2DEE6DCAAE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC69558D-8121-4CA9-BABB-9ACF77808706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "74C159C3-E978-4DDD-BF04-7756F9080485",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
},
{
"lang": "es",
"value": "El m\u00e9todo de servicio D2DownloadService.getDownloadUrls en EMC Documentum D2 4.1 y 4.2 anterior a 4.2 P16 y 4.5 anterior a P03 permite a usuarios remotos autenticados realizar ataques de inyecci\u00f3n Documentum Query Language (DQL) y evadir las restricciones de acceso a lectura a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0548",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-04T10:59:01.293",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Jul/10"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1032769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Jul/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032769"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0547
Vulnerability from fkie_nvd - Published: 2015-07-04 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | 4.1 | |
| emc | documentum_d2 | 4.2 | |
| emc | documentum_d2 | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F39C8470-59DA-4759-A8B4-2DEE6DCAAE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC69558D-8121-4CA9-BABB-9ACF77808706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "74C159C3-E978-4DDD-BF04-7756F9080485",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
},
{
"lang": "es",
"value": "El m\u00e9todo de servicio D2CenterstageService.getComments en EMC Documentum D2 4.1 y 4.2 anterior a 4.2 P16 y 4.5 anterior a P03 permite a usuarios remotos autenticados realizar ataques de inyecci\u00f3n Documentum Query Language (DQL) y evadir las restricciones de acceso a lectura a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0547",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-04T10:59:00.090",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Jul/10"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1032769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Jul/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032769"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0549
Vulnerability from fkie_nvd - Published: 2015-06-28 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "827049DD-DF52-4DF4-A6C8-FDE2619DDA4E",
"versionEndIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en EMC Documentum D2 anterior a 4.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0549",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-06-28T19:59:01.163",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://seclists.org/bugtraq/2015/Jun/113"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securitytracker.com/id/1032693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2015/Jun/113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032693"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0518
Vulnerability from fkie_nvd - Published: 2015-02-14 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html | Broken Link | |
| security_alert@emc.com | http://www.securityfocus.com/bid/72502 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1031693 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/100875 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72502 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031693 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/100875 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | 3.1 | |
| emc | documentum_d2 | 3.1 | |
| emc | documentum_d2 | 4.0 | |
| emc | documentum_d2 | 4.1 | |
| emc | documentum_d2 | 4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9FE3ABC6-7F44-436A-B78A-C7FC6310C1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BEECDCAB-54A9-4A99-B77E-6DAD0513AA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A265F6B-0975-4CA2-832D-AF0FA38B0077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F39C8470-59DA-4759-A8B4-2DEE6DCAAE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC69558D-8121-4CA9-BABB-9ACF77808706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions."
},
{
"lang": "es",
"value": "El servicio Properties en el componente del servicio web D2FS en EMC Documentum D2 3.1 hasta SP1, 4.0 y 4.1 anterior a 4.1 P22, y 4.2 anterior a P11 permite a usuarios remotos autenticados obtener privilegios de superusuario a trav\u00e9s de una llamada a un m\u00e9todo no especificado que modifica los permisos de grupos."
}
],
"id": "CVE-2015-0518",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-14T15:59:01.407",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72502"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0517
Vulnerability from fkie_nvd - Published: 2015-02-14 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html | Broken Link | |
| security_alert@emc.com | http://www.securityfocus.com/bid/72501 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1031693 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/100874 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72501 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031693 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/100874 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | documentum_d2 | 3.1 | |
| emc | documentum_d2 | 3.1 | |
| emc | documentum_d2 | 4.0 | |
| emc | documentum_d2 | 4.1 | |
| emc | documentum_d2 | 4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9FE3ABC6-7F44-436A-B78A-C7FC6310C1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BEECDCAB-54A9-4A99-B77E-6DAD0513AA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A265F6B-0975-4CA2-832D-AF0FA38B0077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F39C8470-59DA-4759-A8B4-2DEE6DCAAE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC69558D-8121-4CA9-BABB-9ACF77808706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file."
},
{
"lang": "es",
"value": "El componente D2-API en EMC Documentum D2 3.1 hasta SP1, 4.0 y 4.1 anterior a 4.1 P22, y 4.2 anterior a P11 coloca el hash MD5 una frase de contrase\u00f1a de cifrado en ficheros de registros, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de un fichero."
}
],
"id": "CVE-2015-0517",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-14T15:59:00.060",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72501"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"source": "security_alert@emc.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100874"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-9872 (GCVE-0-2016-9872)
Vulnerability from cvelistv5 – Published: 2017-02-03 07:24 – Updated: 2024-08-06 03:07
VLAI?
Summary
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
Severity ?
No CVSS data available.
CWE
- Reflected Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 |
Affected:
EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037733"
},
{
"name": "95824",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6"
}
]
}
],
"datePublic": "2017-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037733"
},
{
"name": "95824",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95824"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-9872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6",
"version": {
"version_data": [
{
"version_value": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/archive/1/540060/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037733"
},
{
"name": "95824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95824"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9872",
"datePublished": "2017-02-03T07:24:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-08-06T03:07:30.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9873 (GCVE-0-2016-9873)
Vulnerability from cvelistv5 – Published: 2017-02-03 07:24 – Updated: 2024-08-06 03:07
VLAI?
Summary
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.
Severity ?
No CVSS data available.
CWE
- DQL Injection Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 |
Affected:
EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95828",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6"
}
]
}
],
"datePublic": "2017-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DQL Injection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "95828",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-9873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6",
"version": {
"version_data": [
{
"version_value": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DQL Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95828"
},
{
"name": "http://www.securityfocus.com/archive/1/540060/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9873",
"datePublished": "2017-02-03T07:24:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-08-06T03:07:30.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6644 (GCVE-0-2016-6644)
Vulnerability from cvelistv5 – Published: 2016-09-17 21:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92906"
},
{
"name": "1036796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036796"
},
{
"name": "20160913 ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Sep/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "92906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92906"
},
{
"name": "1036796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036796"
},
{
"name": "20160913 ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Sep/18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92906"
},
{
"name": "1036796",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036796"
},
{
"name": "20160913 ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Sep/18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6644",
"datePublished": "2016-09-17T21:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0888 (GCVE-0-2016-0888)
Vulnerability from cvelistv5 – Published: 2016-04-07 10:00 – Updated: 2024-08-05 22:38
VLAI?
Summary
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:40.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160404 ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Apr/20"
},
{
"name": "1035459",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035459"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160404 ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Apr/20"
},
{
"name": "1035459",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035459"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160404 ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Apr/20"
},
{
"name": "1035459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035459"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0888",
"datePublished": "2016-04-07T10:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:40.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4537 (GCVE-0-2015-4537)
Vulnerability from cvelistv5 – Published: 2015-08-22 18:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150820 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/117"
},
{
"name": "1033345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150820 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/117"
},
{
"name": "1033345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150820 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/117"
},
{
"name": "1033345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4537",
"datePublished": "2015-08-22T18:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0548 (GCVE-0-2015-0548)
Vulnerability from cvelistv5 – Published: 2015-07-04 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0548",
"datePublished": "2015-07-04T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0547 (GCVE-0-2015-0547)
Vulnerability from cvelistv5 – Published: 2015-07-04 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:10.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0547",
"datePublished": "2015-07-04T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:10.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0549 (GCVE-0-2015-0549)
Vulnerability from cvelistv5 – Published: 2015-06-28 19:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032693"
},
{
"name": "20150623 ESA-2015-109: EMC Documentum D2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jun/113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032693"
},
{
"name": "20150623 ESA-2015-109: EMC Documentum D2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jun/113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032693"
},
{
"name": "20150623 ESA-2015-109: EMC Documentum D2 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jun/113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0549",
"datePublished": "2015-06-28T19:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0518 (GCVE-0-2015-0518)
Vulnerability from cvelistv5 – Published: 2015-02-14 15:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "emc-documentum-cve20150518-priv-esc(100875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875"
},
{
"name": "72502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72502"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1031693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "emc-documentum-cve20150518-priv-esc(100875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875"
},
{
"name": "72502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72502"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "emc-documentum-cve20150518-priv-esc(100875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875"
},
{
"name": "72502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72502"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0518",
"datePublished": "2015-02-14T15:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0517 (GCVE-0-2015-0517)
Vulnerability from cvelistv5 – Published: 2015-02-14 15:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "emc-documentum-cve20150517-info-disc(100874)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100874"
},
{
"name": "1031693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "72501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72501"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "emc-documentum-cve20150517-info-disc(100874)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100874"
},
{
"name": "1031693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "72501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72501"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "emc-documentum-cve20150517-info-disc(100874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100874"
},
{
"name": "1031693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "72501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72501"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0517",
"datePublished": "2015-02-14T15:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9872 (GCVE-0-2016-9872)
Vulnerability from nvd – Published: 2017-02-03 07:24 – Updated: 2024-08-06 03:07
VLAI?
Summary
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
Severity ?
No CVSS data available.
CWE
- Reflected Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 |
Affected:
EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037733"
},
{
"name": "95824",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6"
}
]
}
],
"datePublic": "2017-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037733"
},
{
"name": "95824",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95824"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-9872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6",
"version": {
"version_data": [
{
"version_value": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/archive/1/540060/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037733"
},
{
"name": "95824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95824"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9872",
"datePublished": "2017-02-03T07:24:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-08-06T03:07:30.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9873 (GCVE-0-2016-9873)
Vulnerability from nvd – Published: 2017-02-03 07:24 – Updated: 2024-08-06 03:07
VLAI?
Summary
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.
Severity ?
No CVSS data available.
CWE
- DQL Injection Vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 |
Affected:
EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95828",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6"
}
]
}
],
"datePublic": "2017-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DQL Injection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "95828",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-9873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6",
"version": {
"version_data": [
{
"version_value": "EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DQL Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95828"
},
{
"name": "http://www.securityfocus.com/archive/1/540060/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540060/30/0/threaded"
},
{
"name": "1037733",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-9873",
"datePublished": "2017-02-03T07:24:00",
"dateReserved": "2016-12-06T00:00:00",
"dateUpdated": "2024-08-06T03:07:30.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6644 (GCVE-0-2016-6644)
Vulnerability from nvd – Published: 2016-09-17 21:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92906"
},
{
"name": "1036796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036796"
},
{
"name": "20160913 ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Sep/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "92906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92906"
},
{
"name": "1036796",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036796"
},
{
"name": "20160913 ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Sep/18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92906"
},
{
"name": "1036796",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036796"
},
{
"name": "20160913 ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Sep/18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6644",
"datePublished": "2016-09-17T21:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0888 (GCVE-0-2016-0888)
Vulnerability from nvd – Published: 2016-04-07 10:00 – Updated: 2024-08-05 22:38
VLAI?
Summary
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:40.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160404 ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Apr/20"
},
{
"name": "1035459",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035459"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20160404 ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2016/Apr/20"
},
{
"name": "1035459",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035459"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160404 ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Apr/20"
},
{
"name": "1035459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035459"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0888",
"datePublished": "2016-04-07T10:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:40.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4537 (GCVE-0-2015-4537)
Vulnerability from nvd – Published: 2015-08-22 18:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:11.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150820 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Aug/117"
},
{
"name": "1033345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "20150820 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Aug/117"
},
{
"name": "1033345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150820 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/117"
},
{
"name": "1033345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-4537",
"datePublished": "2015-08-22T18:00:00",
"dateReserved": "2015-06-11T00:00:00",
"dateUpdated": "2024-08-06T06:18:11.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0548 (GCVE-0-2015-0548)
Vulnerability from nvd – Published: 2015-07-04 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0548",
"datePublished": "2015-07-04T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0547 (GCVE-0-2015-0547)
Vulnerability from nvd – Published: 2015-07-04 10:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:10.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0547",
"datePublished": "2015-07-04T10:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:10.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0549 (GCVE-0-2015-0549)
Vulnerability from nvd – Published: 2015-06-28 19:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032693"
},
{
"name": "20150623 ESA-2015-109: EMC Documentum D2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Jun/113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1032693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032693"
},
{
"name": "20150623 ESA-2015-109: EMC Documentum D2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Jun/113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032693"
},
{
"name": "20150623 ESA-2015-109: EMC Documentum D2 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jun/113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0549",
"datePublished": "2015-06-28T19:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0518 (GCVE-0-2015-0518)
Vulnerability from nvd – Published: 2015-02-14 15:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "emc-documentum-cve20150518-priv-esc(100875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875"
},
{
"name": "72502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72502"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1031693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "emc-documentum-cve20150518-priv-esc(100875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875"
},
{
"name": "72502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72502"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "emc-documentum-cve20150518-priv-esc(100875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100875"
},
{
"name": "72502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72502"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0518",
"datePublished": "2015-02-14T15:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0517 (GCVE-0-2015-0517)
Vulnerability from nvd – Published: 2015-02-14 15:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "emc-documentum-cve20150517-info-disc(100874)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100874"
},
{
"name": "1031693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "72501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72501"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "emc-documentum-cve20150517-info-disc(100874)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100874"
},
{
"name": "1031693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "72501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72501"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "emc-documentum-cve20150517-info-disc(100874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100874"
},
{
"name": "1031693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031693"
},
{
"name": "72501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72501"
},
{
"name": "20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-0517",
"datePublished": "2015-02-14T15:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T04:10:11.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}