cnvd - cnvd-2017-00983

CNVD-2017-00983

Vulnerability from cnvd - Published: 2017-02-06

Title

多款EMC产品HTML注入漏洞

Description

EMC Documentum WebTop等都是美国易安信（EMC）公司的产品。EMC Documentum WebTop是一套允许用户在标准浏览器应用中访问Documentum存储库和内容管理服务的产品。Documentum Administrator是一套基于Web用来执行Documentum系统管理任务的开发工具。多款EMC产品存在HTML注入漏洞。由于程序未能充分验证用户输入。攻击者可利用特制的HTML或JavaScript代码在受影响的网站中运行，窃取基于cookie的认证证书，控制网站呈现给用户的内容。

Severity

中

Patch Name

多款EMC产品HTML注入漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.emc.com/zh-cn/index.htm

Reference

http://www.securityfocus.com/bid/95625 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8213

Impacted products

Name
['EMC Documentum Administrator 7.2', 'EMC Documentum Administrator 7.0', 'EMC Documentum Administrator 7.1', 'EMC Documentum Capital Projects 1.9', 'EMC Documentum Capital Projects 1.10', 'EMC Documentum Taskspace 6.7 SP3', 'EMC Documentum Webtop 6.8.1', 'EMC Documentum Webtop 6.8']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95625"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8213",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8213"
    }
  },
  "description": "EMC Documentum WebTop\u7b49\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC Documentum WebTop\u662f\u4e00\u5957\u5141\u8bb8\u7528\u6237\u5728\u6807\u51c6\u6d4f\u89c8\u5668\u5e94\u7528\u4e2d\u8bbf\u95eeDocumentum\u5b58\u50a8\u5e93\u548c\u5185\u5bb9\u7ba1\u7406\u670d\u52a1\u7684\u4ea7\u54c1\u3002Documentum Administrator\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7528\u6765\u6267\u884cDocumentum\u7cfb\u7edf\u7ba1\u7406\u4efb\u52a1\u7684\u5f00\u53d1\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684HTML\u6216JavaScript\u4ee3\u7801\u5728\u53d7\u5f71\u54cd\u7684\u7f51\u7ad9\u4e2d\u8fd0\u884c\uff0c\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8ba4\u8bc1\u8bc1\u4e66\uff0c\u63a7\u5236\u7f51\u7ad9\u5448\u73b0\u7ed9\u7528\u6237\u7684\u5185\u5bb9\u3002",
  "discovererName": "EMC",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.emc.com/zh-cn/index.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00983",
  "openTime": "2017-02-06",
  "patchDescription": "EMC Documentum WebTop\u7b49\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC Documentum WebTop\u662f\u4e00\u5957\u5141\u8bb8\u7528\u6237\u5728\u6807\u51c6\u6d4f\u89c8\u5668\u5e94\u7528\u4e2d\u8bbf\u95eeDocumentum\u5b58\u50a8\u5e93\u548c\u5185\u5bb9\u7ba1\u7406\u670d\u52a1\u7684\u4ea7\u54c1\u3002Documentum Administrator\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7528\u6765\u6267\u884cDocumentum\u7cfb\u7edf\u7ba1\u7406\u4efb\u52a1\u7684\u5f00\u53d1\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684HTML\u6216JavaScript\u4ee3\u7801\u5728\u53d7\u5f71\u54cd\u7684\u7f51\u7ad9\u4e2d\u8fd0\u884c\uff0c\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8ba4\u8bc1\u8bc1\u4e66\uff0c\u63a7\u5236\u7f51\u7ad9\u5448\u73b0\u7ed9\u7528\u6237\u7684\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eEMC\u4ea7\u54c1HTML\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC Documentum Administrator 7.2",
      "EMC Documentum Administrator 7.0",
      "EMC Documentum Administrator 7.1",
      "EMC Documentum Capital Projects 1.9",
      "EMC Documentum Capital Projects 1.10",
      "EMC Documentum Taskspace 6.7 SP3",
      "EMC Documentum Webtop 6.8.1",
      "EMC Documentum Webtop  6.8"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95625\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8213",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-20",
  "title": "\u591a\u6b3eEMC\u4ea7\u54c1HTML\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2016-8213 (GCVE-0-2016-8213)

Vulnerability from cvelistv5 – Published: 2017-01-23 06:49 – Updated: 2024-08-06 02:13

Summary

EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Severity ?

No CVSS data available.

CWE

Stored Cross-Site Scripting

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/archive/1/540019/30/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95625	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1037626	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	EMC Documentum Webtop and Clients	Affected: EMC Documentum Webtop and Clients

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
          },
          {
            "name": "95625",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95625"
          },
          {
            "name": "1037626",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037626"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC Documentum Webtop and Clients",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC Documentum Webtop and Clients"
            }
          ]
        }
      ],
      "datePublic": "2017-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-10T21:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
        },
        {
          "name": "95625",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95625"
        },
        {
          "name": "1037626",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037626"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-8213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC Documentum Webtop and Clients",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC Documentum Webtop and Clients"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/archive/1/540019/30/0/threaded",
              "refsource": "CONFIRM",
              "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
            },
            {
              "name": "95625",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95625"
            },
            {
              "name": "1037626",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037626"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-8213",
    "datePublished": "2017-01-23T06:49:00",
    "dateReserved": "2016-09-13T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-00983

CVE-2016-8213 (GCVE-0-2016-8213)

Tags

Sightings

Nomenclature