cvelistv5 - cve-2014-4637

CVE-2014-4637 (GCVE-0-2014-4637)

Vulnerability from cvelistv5 – Published: 2015-01-07 02:00 – Updated: 2024-08-06 11:20

Summary

Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.

Severity ?

No CVSS data available.

CWE

Assigner

dell

References

URL

Tags

	http://packetstormsecurity.com/files/129822/EMC-D…	x_refsource_MISC
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id/1031497	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:20:26.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
          },
          {
            "name": "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
          },
          {
            "name": "1031497",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031497"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
        },
        {
          "name": "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
        },
        {
          "name": "1031497",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031497"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2014-4637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
            },
            {
              "name": "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
            },
            {
              "name": "1031497",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031497"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2014-4637",
    "datePublished": "2015-01-07T02:00:00",
    "dateReserved": "2014-06-24T00:00:00",
    "dateUpdated": "2024-08-06T11:20:26.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.7\", \"matchCriteriaId\": \"33A27CD7-EC02-4857-B3F5-209618BFD4DC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de redirecci\\u00f3n abierta en EMC Documentum Web Development Kit (WDK) anterior a 6.8 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\\u00e9s de un par\\u00e1metro no especificado.\"}]",
      "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
      "id": "CVE-2014-4637",
      "lastModified": "2024-11-21T02:10:37.120",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-01-07T02:59:18.063",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://www.securitytracker.com/id/1031497\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1031497\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-4637\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2015-01-07T02:59:18.063\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de redirecci\u00f3n abierta en EMC Documentum Web Development Kit (WDK) anterior a 6.8 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de un par\u00e1metro no especificado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.7\",\"matchCriteriaId\":\"33A27CD7-EC02-4857-B3F5-209618BFD4DC\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securitytracker.com/id/1031497\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/601.html\\\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e\"}}"
  }
}

CNVD-2015-00093

Vulnerability from cnvd - Published: 2015-01-08

Title

EMC Documentum Web Development Kit (WDK)URL重定向漏洞

Description

EMC Documentum Web Development Kit (WDK)是Web开发工具包。 EMC Documentum Web Development Kit (WDK)存在URL重定向漏洞，攻击者可以利用该漏洞构建包含恶意网站的URL。当不知情受害者点击URI时，它们可能被重定向到一个攻击者控制的网站。

Severity

中

Patch Name

EMC Documentum Web Development Kit (WDK)URL重定向漏洞的补丁

Patch Description

EMC Documentum Web Development Kit (WDK)是Web开发工具包。 EMC Documentum Web Development Kit (WDK)存在URL重定向漏洞，攻击者可以利用该漏洞构建包含恶意网站的URL。当不知情受害者点击URI时，它们可能被重定向到一个攻击者控制的网站。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.emc.com/index.htm?fromGlobalSiteSelect

Reference

http://www.securityfocus.com/bid/71875

Impacted products

Name
EMC Documentum Web Development Kit (WDK) <6.8

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "71875"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-4637"
    }
  },
  "description": "EMC Documentum Web Development Kit (WDK)\u662fWeb\u5f00\u53d1\u5de5\u5177\u5305\u3002\r\n\r\nEMC Documentum Web Development Kit (WDK)\u5b58\u5728URL\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u5305\u542b\u6076\u610f\u7f51\u7ad9\u7684URL\u3002\u5f53\u4e0d\u77e5\u60c5\u53d7\u5bb3\u8005\u70b9\u51fbURI\u65f6\uff0c\u5b83\u4eec\u53ef\u80fd\u88ab\u91cd\u5b9a\u5411\u5230\u4e00\u4e2a\u653b\u51fb\u8005\u63a7\u5236\u7684\u7f51\u7ad9\u3002",
  "discovererName": "EMC",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.emc.com/index.htm?fromGlobalSiteSelect",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00093",
  "openTime": "2015-01-08",
  "patchDescription": "EMC Documentum Web Development Kit (WDK)\u662fWeb\u5f00\u53d1\u5de5\u5177\u5305\u3002\r\nEMC Documentum Web Development Kit (WDK)\u5b58\u5728URL\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u5305\u542b\u6076\u610f\u7f51\u7ad9\u7684URL\u3002\u5f53\u4e0d\u77e5\u60c5\u53d7\u5bb3\u8005\u70b9\u51fbURI\u65f6\uff0c\u5b83\u4eec\u53ef\u80fd\u88ab\u91cd\u5b9a\u5411\u5230\u4e00\u4e2a\u653b\u51fb\u8005\u63a7\u5236\u7684\u7f51\u7ad9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC Documentum Web Development Kit (WDK)URL\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "EMC Documentum Web Development Kit (WDK) \u003c6.8"
  },
  "referenceLink": "http://www.securityfocus.com/bid/71875",
  "serverity": "\u4e2d",
  "submitTime": "2015-01-07",
  "title": "EMC Documentum Web Development Kit (WDK)URL\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

FKIE_CVE-2014-4637

Vulnerability from fkie_nvd - Published: 2015-01-07 02:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	security_alert@emc.com	http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html
	security_alert@emc.com	http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html
	security_alert@emc.com	http://www.securitytracker.com/id/1031497
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html
	af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031497

Impacted products

	Vendor	Product	Version
	emc	documentum_wdk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "33A27CD7-EC02-4857-B3F5-209618BFD4DC",
              "versionEndIncluding": "6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redirecci\u00f3n abierta en EMC Documentum Web Development Kit (WDK) anterior a 6.8 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de un par\u00e1metro no especificado."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
  "id": "CVE-2014-4637",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-07T02:59:18.063",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1031497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031497"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CXRR-52PG-2GH8

Vulnerability from github – Published: 2022-05-17 03:28 – Updated: 2022-05-17 03:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-4637"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-07T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.",
  "id": "GHSA-cxrr-52pg-2gh8",
  "modified": "2022-05-17T03:28:33Z",
  "published": "2022-05-17T03:28:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4637"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031497"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2014-4637

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-4637

Aliases

CVE-2014-4637

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-4637",
    "description": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.",
    "id": "GSD-2014-4637"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-4637"
      ],
      "details": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.",
      "id": "GSD-2014-4637",
      "modified": "2023-12-13T01:22:45.052325Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2014-4637",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
          },
          {
            "name": "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
          },
          {
            "name": "1031497",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031497"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2014-4637"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html"
            },
            {
              "name": "1031497",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031497"
            },
            {
              "name": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-07T03:00Z",
      "publishedDate": "2015-01-07T02:59Z"
    }
  }
}

CERTFR-2015-AVI-007

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans EMC Documentum Web Development Kit. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Centreon	Web	EMC Engineering Plant Facilities Management Solution for Documentum versions 1.7 SP1 et supérieures
Centreon	Web	EMC Records Client versions 6.7 SP2 et supérieures
Centreon	Web	EMC Digital Assets Manager versions 6.5 SP6 et supérieures
Centreon	Web	EMC Capital Projects versions 1.9 et supérieures
Centreon	Web	EMC WebTop versions 6.7 SP2 et supérieures
Centreon	Web	EMC Task Space versions 6.7 SP2 et supérieures
Centreon	Web	EMC Web Publishers versions 6.5 SP7 et supérieures
Centreon	Web	EMC Documentum Administrator versions 7.1 et supérieures

References

Title

Publication Time

Tags

Bulletin de sécurité EMC ESA-2014-180 du 06 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "EMC Engineering Plant Facilities Management Solution for Documentum versions 1.7 SP1 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Records Client versions 6.7 SP2 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Digital Assets Manager versions 6.5 SP6 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Capital Projects versions 1.9 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC WebTop versions 6.7 SP2 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Task Space versions 6.7 SP2 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Web Publishers versions 6.5 SP7 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Documentum Administrator versions 7.1 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4636"
    },
    {
      "name": "CVE-2014-4639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4639"
    },
    {
      "name": "CVE-2014-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4635"
    },
    {
      "name": "CVE-2014-4637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4637"
    },
    {
      "name": "CVE-2014-4638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4638"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-007",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eEMC Documentum Web Development Kit\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans EMC Documentum Web Development Kit",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-180 du 06 janvier 2015",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/att-0009/ESA-2014-180.txt"
    }
  ]
}

CERTFR-2015-AVI-007

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Centreon	Web	EMC Engineering Plant Facilities Management Solution for Documentum versions 1.7 SP1 et supérieures
Centreon	Web	EMC Records Client versions 6.7 SP2 et supérieures
Centreon	Web	EMC Digital Assets Manager versions 6.5 SP6 et supérieures
Centreon	Web	EMC Capital Projects versions 1.9 et supérieures
Centreon	Web	EMC WebTop versions 6.7 SP2 et supérieures
Centreon	Web	EMC Task Space versions 6.7 SP2 et supérieures
Centreon	Web	EMC Web Publishers versions 6.5 SP7 et supérieures
Centreon	Web	EMC Documentum Administrator versions 7.1 et supérieures

References

Title

Publication Time

Tags

Bulletin de sécurité EMC ESA-2014-180 du 06 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "EMC Engineering Plant Facilities Management Solution for Documentum versions 1.7 SP1 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Records Client versions 6.7 SP2 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Digital Assets Manager versions 6.5 SP6 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Capital Projects versions 1.9 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC WebTop versions 6.7 SP2 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Task Space versions 6.7 SP2 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Web Publishers versions 6.5 SP7 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "EMC Documentum Administrator versions 7.1 et sup\u00e9rieures",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4636"
    },
    {
      "name": "CVE-2014-4639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4639"
    },
    {
      "name": "CVE-2014-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4635"
    },
    {
      "name": "CVE-2014-4637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4637"
    },
    {
      "name": "CVE-2014-4638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4638"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-007",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eEMC Documentum Web Development Kit\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans EMC Documentum Web Development Kit",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-180 du 06 janvier 2015",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/att-0009/ESA-2014-180.txt"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-4637 (GCVE-0-2014-4637)

CNVD-2015-00093

FKIE_CVE-2014-4637

GHSA-CXRR-52PG-2GH8

GSD-2014-4637

CERTFR-2015-AVI-007

Solution

CERTFR-2015-AVI-007

Solution

Tags

Sightings

Nomenclature