Search criteria

18 vulnerabilities found for documentum_digital_asset_manager by emc

FKIE_CVE-2015-4530

Vulnerability from fkie_nvd - Published: 2015-08-20 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
References
security_alert@emc.comhttp://seclists.org/bugtraq/2015/Aug/87
security_alert@emc.comhttp://www.securityfocus.com/bid/76405
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/bugtraq/2015/Aug/87
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/76405
Impacted products
Vendor Product Version
emc documentum_administrator *
emc documentum_digital_asset_manager *
emc documentum_taskspace *
emc documentum_web_publisher *
emc documentum_webtop *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F3BD69-53DE-4F10-ABFA-33B423A74C9E",
              "versionEndIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "2EB25D60-1424-422A-959C-9C1D670F6155",
              "versionEndIncluding": "6.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "EE6BEA80-2CBE-4A46-97D5-ABD5EF47207C",
              "versionEndIncluding": "6.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D66CB470-DF43-4995-842D-AAB3B259976F",
              "versionEndIncluding": "6.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en EMC Documentum WebTop en versiones anteriores a 6.8P01, Documentum Administrator hasta la versi\u00f3n 7.2, Documentum Digital Assets Manager hasta la versi\u00f3n 6.5SP6, Documentum Web Publishers hasta la versi\u00f3n 6.5SP7 y Documentum Task Space hasta la versi\u00f3n 6.7SP2, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de la vulnerabilidad CVE-2014-2518."
    }
  ],
  "id": "CVE-2015-4530",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-08-20T10:59:11.887",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://seclists.org/bugtraq/2015/Aug/87"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/76405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/bugtraq/2015/Aug/87"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76405"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-4529

Vulnerability from fkie_nvd - Published: 2015-07-16 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
security_alert@emc.comhttp://seclists.org/bugtraq/2015/Jul/81
security_alert@emc.comhttp://www.securityfocus.com/bid/75930
security_alert@emc.comhttp://www.securitytracker.com/id/1032965
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/bugtraq/2015/Jul/81
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75930
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032965
Impacted products
Vendor Product Version
emc documentum_administrator *
emc documentum_digital_asset_manager *
emc documentum_taskspace *
emc documentum_web_publisher *
emc documentum_webtop *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F3BD69-53DE-4F10-ABFA-33B423A74C9E",
              "versionEndIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "2EB25D60-1424-422A-959C-9C1D670F6155",
              "versionEndIncluding": "6.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "EE6BEA80-2CBE-4A46-97D5-ABD5EF47207C",
              "versionEndIncluding": "6.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D66CB470-DF43-4995-842D-AAB3B259976F",
              "versionEndIncluding": "6.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redirecci\u00f3n abierta en EMC Documentum WebTop anterior a 6.8P02, Documentum Administrator anterior a 7.2P01, Documentum Digital Assets Manager hasta 6.5SP6, Documentum Web Publishers hasta 6.5SP7 y Documentum Task Space hasta 6.7SP2, permite a atacantes remotos redirigir a usuarios hacia p\u00e1ginas web arbitrarias y llevar a cabo ataques de phishing por medio de una URL manipulada."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
  "id": "CVE-2015-4529",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-16T21:59:03.497",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://seclists.org/bugtraq/2015/Jul/81"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/75930"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1032965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/bugtraq/2015/Jul/81"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032965"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-4524

Vulnerability from fkie_nvd - Published: 2015-07-04 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
References
security_alert@emc.comhttp://seclists.org/bugtraq/2015/Jul/9Mailing List, Third Party Advisory
security_alert@emc.comhttp://www.securitytracker.com/id/1032770Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/bugtraq/2015/Jul/9Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032770Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
emc documentum_administrator 6.7
emc documentum_administrator 6.7
emc documentum_administrator 7.0
emc documentum_administrator 7.1
emc documentum_administrator 7.2
emc documentum_digital_asset_manager 6.5
emc documentum_taskspace 6.7
emc documentum_taskspace 6.7
emc documentum_web_publisher 6.5
emc documentum_webtop 6.7
emc documentum_webtop 6.7
emc documentum_webtop 6.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de la subida de ficheros sin restricciones en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario mediante la subida de un fichero al backend Content Server."
    }
  ],
  "id": "CVE-2015-4524",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-04T14:59:01.917",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/bugtraq/2015/Jul/9"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/bugtraq/2015/Jul/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032770"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-0551

Vulnerability from fkie_nvd - Published: 2015-07-04 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
security_alert@emc.comhttp://seclists.org/bugtraq/2015/Jul/9
security_alert@emc.comhttp://www.securitytracker.com/id/1032770
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/bugtraq/2015/Jul/9
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032770
Impacted products
Vendor Product Version
emc documentum_administrator 6.7
emc documentum_administrator 6.7
emc documentum_administrator 7.0
emc documentum_administrator 7.1
emc documentum_administrator 7.2
emc documentum_digital_asset_manager 6.5
emc documentum_taskspace 6.7
emc documentum_taskspace 6.7
emc documentum_web_publisher 6.5
emc documentum_webtop 6.7
emc documentum_webtop 6.7
emc documentum_webtop 6.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-0551",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-04T14:59:00.090",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://seclists.org/bugtraq/2015/Jul/9"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1032770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/bugtraq/2015/Jul/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032770"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-2503

Vulnerability from fkie_nvd - Published: 2014-06-06 00:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.
References
security_alert@emc.comhttp://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html
security_alert@emc.comhttp://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html
security_alert@emc.comhttp://www.securityfocus.com/bid/67868
security_alert@emc.comhttp://www.securitytracker.com/id/1030348
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67868
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030348
Impacted products
Vendor Product Version
emc documentum_digital_asset_manager 6.5
emc documentum_digital_asset_manager 6.5
emc documentum_digital_asset_manager 6.5
emc documentum_digital_asset_manager 6.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1FAFF369-27B7-4AC3-B7EE-EEF3301A0F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "68E91401-70C8-4243-AAB6-1968566E5A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "26B23E41-DD76-41EB-9BBA-F47F54B1AA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string."
    },
    {
      "lang": "es",
      "value": "El servidor proxy en miniatura en EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5 y 6.5 SP6 anterior a P13 permite a atacantes remotos realizar ataques de inyecci\u00f3n Documentum Query Language (DQL) y evadir restricciones en objetos de consulta a trav\u00e9s de un par\u00e1metro manipulado en una cadena de consulta."
    }
  ],
  "id": "CVE-2014-2503",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-06T00:55:04.103",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/67868"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1030348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030348"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-3281

Vulnerability from fkie_nvd - Published: 2013-11-06 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
References
security_alert@emc.comhttp://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html
security_alert@emc.comhttp://www.kb.cert.org/vuls/id/466876US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/466876US Government Resource
Impacted products
Vendor Product Version
emc documentum_taskspace *
emc documentum_taskspace 6.7
emc documentum_taskspace 6.7
emc documentum_capital_projects *
emc documentum_wdk *
emc documentum_wdk 6.7
emc documentum_wdk 6.7
emc documentum_digital_asset_manager *
emc documentum_digital_asset_manager 6.5
emc documentum_digital_asset_manager 6.5
emc documentum_digital_asset_manager 6.5
emc documentum_digital_asset_manager 6.5
emc documentum_digital_asset_manager 6.5
emc documentum_administrator *
emc documentum_administrator 6.7
emc documentum_administrator 6.7
emc documentum_webtop *
emc documentum_webtop 6.7
emc documentum_webtop 6.7
emc documentum_web_publisher *
emc documentum_web_publisher 6.5
emc documentum_web_publisher 6.5
emc documentum_web_publisher 6.5
emc documentum_web_publisher 6.5
emc documentum_web_publisher 6.5
emc documentum_web_publisher 6.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D3270E32-E010-4E39-8E9E-6B05AAC89492",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1466E81F-81E5-4B66-A26D-F7E6B395BEE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_capital_projects:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3E66AD-4E04-43CF-BBF0-5EF937E0A6B2",
              "versionEndIncluding": "1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "33A27CD7-EC02-4857-B3F5-209618BFD4DC",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18F0547A-FA35-4115-8AF6-1819EBA2A6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3351A120-41F6-4C4C-94AD-4AF607D7837E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "AD943366-FEAC-47EC-A7B4-055C016E6508",
              "versionEndIncluding": "6.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1502E229-F43E-49C6-939C-7AA8AC109261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "19888BA7-79F3-4349-94C9-BADE36472A49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E963CDB8-7C8E-4011-BC8A-D3FB30EB4832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1FAFF369-27B7-4AC3-B7EE-EEF3301A0F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "68E91401-70C8-4243-AAB6-1968566E5A92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A92A160F-7619-4C39-AB66-658EBC12EF36",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1008C754-6E61-438A-908E-A8B26E049707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C8313C21-9CB0-45B6-BB70-ACF81966EBDE",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F5211F-0307-4A35-A535-D6048FD25CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:*:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "BD051A73-40A0-410E-9515-2E57DB56ABD1",
              "versionEndIncluding": "6.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "37849165-C537-40E0-8311-EDC8F77301FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "8DE1215F-FCFD-40E3-90D7-229F2295B521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4B60F98D-62BB-4745-8BEB-04608C4E3F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "F7927999-12E9-4BF9-B2A6-51BA0A5D5E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A2CCF762-2FBC-426C-A778-398550596A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "69CFEE7E-BDD1-4CB6-B115-DFF3A881B160",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-site scripting (XSS) en EMC Documentum Webtop 6.7 SP2 anterior a P07, Documentum WDK 6.7 SP2 anterior a P07, Documentum TaskSpace anterior a 6.7 SP2 P07, Documentum Records Manager 6.7 SP2 anterior a P07, Documentum Web Publisher anterior a 6.5 SP7, Documentum Digital Asset Manager anterior a 6.5 SP6, Documentum Administrador anterior a 6.7 SP2 P07 y Documentum Capitales Proyects anterior a 1.8 P01 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro dise\u00f1ado en una URL."
    }
  ],
  "id": "CVE-2013-3281",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-11-06T15:55:05.093",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/466876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/466876"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-4530 (GCVE-0-2015-4530)

Vulnerability from cvelistv5 – Published: 2015-08-20 10:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/76405 vdb-entryx_refsource_BID
http://seclists.org/bugtraq/2015/Aug/87 mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "76405",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76405"
          },
          {
            "name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Aug/87"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "76405",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76405"
        },
        {
          "name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Aug/87"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-4530",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "76405",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76405"
            },
            {
              "name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Aug/87"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-4530",
    "datePublished": "2015-08-20T10:00:00",
    "dateReserved": "2015-06-11T00:00:00",
    "dateUpdated": "2024-08-06T06:18:11.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4529 (GCVE-0-2015-4529)

Vulnerability from cvelistv5 – Published: 2015-07-16 21:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://seclists.org/bugtraq/2015/Jul/81 mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id/1032965 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/75930 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jul/81"
          },
          {
            "name": "1032965",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032965"
          },
          {
            "name": "75930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75930"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-21T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jul/81"
        },
        {
          "name": "1032965",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032965"
        },
        {
          "name": "75930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75930"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-4529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jul/81"
            },
            {
              "name": "1032965",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032965"
            },
            {
              "name": "75930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75930"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-4529",
    "datePublished": "2015-07-16T21:00:00",
    "dateReserved": "2015-06-11T00:00:00",
    "dateUpdated": "2024-08-06T06:18:11.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0551 (GCVE-0-2015-0551)

Vulnerability from cvelistv5 – Published: 2015-07-04 14:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1032770 vdb-entryx_refsource_SECTRACK
http://seclists.org/bugtraq/2015/Jul/9 mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:10:10.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032770",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032770"
          },
          {
            "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jul/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1032770",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032770"
        },
        {
          "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jul/9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-0551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032770",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032770"
            },
            {
              "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jul/9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-0551",
    "datePublished": "2015-07-04T14:00:00",
    "dateReserved": "2014-12-17T00:00:00",
    "dateUpdated": "2024-08-06T04:10:10.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4524 (GCVE-0-2015-4524)

Vulnerability from cvelistv5 – Published: 2015-07-04 14:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1032770 vdb-entryx_refsource_SECTRACK
http://seclists.org/bugtraq/2015/Jul/9 mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032770",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032770"
          },
          {
            "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jul/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1032770",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032770"
        },
        {
          "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jul/9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-4524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032770",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032770"
            },
            {
              "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jul/9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-4524",
    "datePublished": "2015-07-04T14:00:00",
    "dateReserved": "2015-06-11T00:00:00",
    "dateUpdated": "2024-08-06T06:18:11.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2503 (GCVE-0-2014-2503)

Vulnerability from cvelistv5 – Published: 2014-06-06 00:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:26.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
          },
          {
            "name": "1030348",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030348"
          },
          {
            "name": "67868",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67868"
          },
          {
            "name": "20140604 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-16T13:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
        },
        {
          "name": "1030348",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030348"
        },
        {
          "name": "67868",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67868"
        },
        {
          "name": "20140604 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2014-2503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
            },
            {
              "name": "1030348",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030348"
            },
            {
              "name": "67868",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67868"
            },
            {
              "name": "20140604 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2014-2503",
    "datePublished": "2014-06-06T00:00:00",
    "dateReserved": "2014-03-14T00:00:00",
    "dateUpdated": "2024-08-06T10:14:26.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3281 (GCVE-0-2013-3281)

Vulnerability from cvelistv5 – Published: 2013-11-06 11:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.kb.cert.org/vuls/id/466876 third-party-advisoryx_refsource_CERT-VN
http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.418Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#466876",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/466876"
          },
          {
            "name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-17T15:57:00",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "VU#466876",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/466876"
        },
        {
          "name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2013-3281",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#466876",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/466876"
            },
            {
              "name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2013-3281",
    "datePublished": "2013-11-06T11:00:00",
    "dateReserved": "2013-04-26T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4530 (GCVE-0-2015-4530)

Vulnerability from nvd – Published: 2015-08-20 10:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/76405 vdb-entryx_refsource_BID
http://seclists.org/bugtraq/2015/Aug/87 mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "76405",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76405"
          },
          {
            "name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Aug/87"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "76405",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76405"
        },
        {
          "name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Aug/87"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-4530",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "76405",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76405"
            },
            {
              "name": "20150817 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Aug/87"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-4530",
    "datePublished": "2015-08-20T10:00:00",
    "dateReserved": "2015-06-11T00:00:00",
    "dateUpdated": "2024-08-06T06:18:11.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4529 (GCVE-0-2015-4529)

Vulnerability from nvd – Published: 2015-07-16 21:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://seclists.org/bugtraq/2015/Jul/81 mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id/1032965 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/75930 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jul/81"
          },
          {
            "name": "1032965",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032965"
          },
          {
            "name": "75930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75930"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-21T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jul/81"
        },
        {
          "name": "1032965",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032965"
        },
        {
          "name": "75930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75930"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-4529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150716 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jul/81"
            },
            {
              "name": "1032965",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032965"
            },
            {
              "name": "75930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75930"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-4529",
    "datePublished": "2015-07-16T21:00:00",
    "dateReserved": "2015-06-11T00:00:00",
    "dateUpdated": "2024-08-06T06:18:11.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0551 (GCVE-0-2015-0551)

Vulnerability from nvd – Published: 2015-07-04 14:00 – Updated: 2024-08-06 04:10
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1032770 vdb-entryx_refsource_SECTRACK
http://seclists.org/bugtraq/2015/Jul/9 mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:10:10.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032770",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032770"
          },
          {
            "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jul/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1032770",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032770"
        },
        {
          "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jul/9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-0551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032770",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032770"
            },
            {
              "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jul/9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-0551",
    "datePublished": "2015-07-04T14:00:00",
    "dateReserved": "2014-12-17T00:00:00",
    "dateUpdated": "2024-08-06T04:10:10.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4524 (GCVE-0-2015-4524)

Vulnerability from nvd – Published: 2015-07-04 14:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1032770 vdb-entryx_refsource_SECTRACK
http://seclists.org/bugtraq/2015/Jul/9 mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032770",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032770"
          },
          {
            "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jul/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1032770",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032770"
        },
        {
          "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jul/9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-4524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032770",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032770"
            },
            {
              "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jul/9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-4524",
    "datePublished": "2015-07-04T14:00:00",
    "dateReserved": "2015-06-11T00:00:00",
    "dateUpdated": "2024-08-06T06:18:11.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2503 (GCVE-0-2014-2503)

Vulnerability from nvd – Published: 2014-06-06 00:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:26.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
          },
          {
            "name": "1030348",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030348"
          },
          {
            "name": "67868",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67868"
          },
          {
            "name": "20140604 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-16T13:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
        },
        {
          "name": "1030348",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030348"
        },
        {
          "name": "67868",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67868"
        },
        {
          "name": "20140604 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2014-2503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html"
            },
            {
              "name": "1030348",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030348"
            },
            {
              "name": "67868",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67868"
            },
            {
              "name": "20140604 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2014-2503",
    "datePublished": "2014-06-06T00:00:00",
    "dateReserved": "2014-03-14T00:00:00",
    "dateUpdated": "2024-08-06T10:14:26.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3281 (GCVE-0-2013-3281)

Vulnerability from nvd – Published: 2013-11-06 11:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.kb.cert.org/vuls/id/466876 third-party-advisoryx_refsource_CERT-VN
http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.418Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#466876",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/466876"
          },
          {
            "name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-17T15:57:00",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "VU#466876",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/466876"
        },
        {
          "name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2013-3281",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#466876",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/466876"
            },
            {
              "name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2013-3281",
    "datePublished": "2013-11-06T11:00:00",
    "dateReserved": "2013-04-26T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}