cvelistv5 - cve-2015-0547

CVE-2015-0547 (GCVE-0-2015-0547)

Vulnerability from cvelistv5 – Published: 2015-07-04 10:00 – Updated: 2024-08-06 04:10

Summary

The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

dell

References

URL

Tags

	http://www.securitytracker.com/id/1032769	vdb-entryx_refsource_SECTRACK
	http://seclists.org/bugtraq/2015/Jul/10	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:10:10.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032769",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032769"
          },
          {
            "name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jul/10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1032769",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032769"
        },
        {
          "name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jul/10"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-0547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032769",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032769"
            },
            {
              "name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jul/10"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-0547",
    "datePublished": "2015-07-04T10:00:00",
    "dateReserved": "2014-12-17T00:00:00",
    "dateUpdated": "2024-08-06T04:10:10.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F39C8470-59DA-4759-A8B4-2DEE6DCAAE1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC69558D-8121-4CA9-BABB-9ACF77808706\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74C159C3-E978-4DDD-BF04-7756F9080485\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00e9todo de servicio D2CenterstageService.getComments en EMC Documentum D2 4.1 y 4.2 anterior a 4.2 P16 y 4.5 anterior a P03 permite a usuarios remotos autenticados realizar ataques de inyecci\\u00f3n Documentum Query Language (DQL) y evadir las restricciones de acceso a lectura a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2015-0547",
      "lastModified": "2024-11-21T02:23:17.160",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-07-04T10:59:00.090",
      "references": "[{\"url\": \"http://seclists.org/bugtraq/2015/Jul/10\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://www.securitytracker.com/id/1032769\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://seclists.org/bugtraq/2015/Jul/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032769\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0547\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2015-07-04T10:59:00.090\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"El m\u00e9todo de servicio D2CenterstageService.getComments en EMC Documentum D2 4.1 y 4.2 anterior a 4.2 P16 y 4.5 anterior a P03 permite a usuarios remotos autenticados realizar ataques de inyecci\u00f3n Documentum Query Language (DQL) y evadir las restricciones de acceso a lectura a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F39C8470-59DA-4759-A8B4-2DEE6DCAAE1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC69558D-8121-4CA9-BABB-9ACF77808706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74C159C3-E978-4DDD-BF04-7756F9080485\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/bugtraq/2015/Jul/10\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securitytracker.com/id/1032769\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://seclists.org/bugtraq/2015/Jul/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CNVD-2015-04194

Vulnerability from cnvd - Published: 2015-07-03

Title

EMC Documentum D2 SQL注入漏洞（CNVD-2015-04194）

Description

EMC Documentum D2是高级、直观、可配置且以内容为中心的Documentum客户端，可加快ECM应用程序的采用速度。 EMC Documentum D2在D2CenterstageService.getComments服务方法中存在DQL注入漏洞，可导致数据库信息泄露。

Severity

中

Patch Name

EMC Documentum D2存在SQL注入漏洞（CNVD-2015-04194）的补丁

Patch Description

EMC Documentum D2是高级、直观、可配置且以内容为中心的Documentum客户端，可加快ECM应用程序的采用速度。EMC Documentum D2在D2CenterstageService.getComments服务方法中存在DQL注入漏洞，可导致数据库信息泄露。目前，厂商已经发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了安全公告及相关升级补丁,修复了此安全问题,请到厂商主页下载: https://emc.subscribenet.com/control/dctm/index?manu=DCTMD2

Reference

http://www.securityfocus.com/archive/1/535898

Impacted products

Name
['EMC Documentum D2 4.1', 'EMC Documentum D2 4.2', 'EMC Documentum D2 4.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0547"
    }
  },
  "description": "EMC Documentum D2\u662f\u9ad8\u7ea7\u3001\u76f4\u89c2\u3001\u53ef\u914d\u7f6e\u4e14\u4ee5\u5185\u5bb9\u4e3a\u4e2d\u5fc3\u7684Documentum\u5ba2\u6237\u7aef\uff0c\u53ef\u52a0\u5febECM\u5e94\u7528\u7a0b\u5e8f\u7684\u91c7\u7528\u901f\u5ea6\u3002\r\n\r\nEMC Documentum D2\u5728D2CenterstageService.getComments\u670d\u52a1\u65b9\u6cd5\u4e2d\u5b58\u5728DQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u53ef\u5bfc\u81f4\u6570\u636e\u5e93\u4fe1\u606f\u6cc4\u9732\u3002",
  "discovererName": "Ionut Popescu, Security Consultant at KPMG Romania",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u5347\u7ea7\u8865\u4e01,\u4fee\u590d\u4e86\u6b64\u5b89\u5168\u95ee\u9898,\u8bf7\u5230\u5382\u5546\u4e3b\u9875\u4e0b\u8f7d:\r\nhttps://emc.subscribenet.com/control/dctm/index?manu=DCTMD2",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04194",
  "openTime": "2015-07-03",
  "patchDescription": "EMC Documentum D2\u662f\u9ad8\u7ea7\u3001\u76f4\u89c2\u3001\u53ef\u914d\u7f6e\u4e14\u4ee5\u5185\u5bb9\u4e3a\u4e2d\u5fc3\u7684Documentum\u5ba2\u6237\u7aef\uff0c\u53ef\u52a0\u5febECM\u5e94\u7528\u7a0b\u5e8f\u7684\u91c7\u7528\u901f\u5ea6\u3002EMC Documentum D2\u5728D2CenterstageService.getComments\u670d\u52a1\u65b9\u6cd5\u4e2d\u5b58\u5728DQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u53ef\u5bfc\u81f4\u6570\u636e\u5e93\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC Documentum D2\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2015-04194\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC Documentum D2  4.1",
      "EMC Documentum D2  4.2",
      "EMC Documentum D2 4.5"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/archive/1/535898",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-02",
  "title": "EMC Documentum D2 SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2015-04194\uff09"
}

GHSA-WJCC-QPFR-87WW

Vulnerability from github – Published: 2022-05-17 03:15 – Updated: 2022-05-17 03:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-04T10:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.",
  "id": "GHSA-wjcc-qpfr-87ww",
  "modified": "2022-05-17T03:15:10Z",
  "published": "2022-05-17T03:15:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0547"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2015/Jul/10"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032769"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-0547

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-0547

Aliases

CVE-2015-0547

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0547",
    "description": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.",
    "id": "GSD-2015-0547"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0547"
      ],
      "details": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.",
      "id": "GSD-2015-0547",
      "modified": "2023-12-13T01:19:58.308014Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2015-0547",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032769",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032769"
          },
          {
            "name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://seclists.org/bugtraq/2015/Jul/10"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2015-0547"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://seclists.org/bugtraq/2015/Jul/10"
            },
            {
              "name": "1032769",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032769"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-28T02:59Z",
      "publishedDate": "2015-07-04T10:59Z"
    }
  }
}

FKIE_CVE-2015-0547

Vulnerability from fkie_nvd - Published: 2015-07-04 10:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	security_alert@emc.com	http://seclists.org/bugtraq/2015/Jul/10
	security_alert@emc.com	http://www.securitytracker.com/id/1032769
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/bugtraq/2015/Jul/10
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032769

Impacted products

Vendor	Product	Version
emc	documentum_d2	4.1
emc	documentum_d2	4.2
emc	documentum_d2	4.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F39C8470-59DA-4759-A8B4-2DEE6DCAAE1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC69558D-8121-4CA9-BABB-9ACF77808706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C159C3-E978-4DDD-BF04-7756F9080485",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El m\u00e9todo de servicio D2CenterstageService.getComments en EMC Documentum D2 4.1 y 4.2 anterior a 4.2 P16 y 4.5 anterior a P03 permite a usuarios remotos autenticados realizar ataques de inyecci\u00f3n Documentum Query Language (DQL) y evadir las restricciones de acceso a lectura a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-0547",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-04T10:59:00.090",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://seclists.org/bugtraq/2015/Jul/10"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1032769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/bugtraq/2015/Jul/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032769"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0547 (GCVE-0-2015-0547)

CNVD-2015-04194

GHSA-WJCC-QPFR-87WW

GSD-2015-0547

FKIE_CVE-2015-0547

Tags

Sightings

Nomenclature