Vulnerability-Lookup

CVE-2015-0551 (GCVE-0-2015-0551)

Vulnerability from cvelistv5 – Published: 2015-07-04 14:00 – Updated: 2024-08-06 04:10

Summary

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Severity

No CVSS data available.

CWE

Assigner

dell

References

2 references

URL	Tags
http://www.securitytracker.com/id/1032770	vdb-entryx_refsource_SECTRACK
http://seclists.org/bugtraq/2015/Jul/9	mailing-listx_refsource_BUGTRAQ

Date Public

2015-07-01 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:10:10.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032770",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032770"
          },
          {
            "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jul/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1032770",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032770"
        },
        {
          "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jul/9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-0551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032770",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032770"
            },
            {
              "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jul/9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-0551",
    "datePublished": "2015-07-04T14:00:00.000Z",
    "dateReserved": "2014-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:10:10.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-0551",
      "date": "2026-06-16",
      "epss": "0.01075",
      "percentile": "0.60529"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A289F06-4D31-4963-8D2F-D2E8F2146D5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E63A8B26-9B98-47CB-8CB6-896ACFC85FFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34D56991-BEA6-4160-9E5C-4B7034DB1FD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E97C5C13-EBDB-4906-8875-1D8D70C68206\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5E065EF-D76B-40D3-BEC1-D846654C6590\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2E8773E-616D-467F-9361-B4F71E42EB26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E61EE60F-D408-4253-997F-160FA741E6AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*\", \"matchCriteriaId\": \"527D5B22-B332-4CB8-9595-003E5B70EC57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AC64E73-EBBF-4851-BB86-394941CA4625\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3AA619F-A9DF-489C-A6BA-BF044B3C20BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"261FA013-FE18-4B09-A52B-909E2BB06891\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de XSS en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2015-0551",
      "lastModified": "2024-11-21T02:23:17.567",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-07-04T14:59:00.090",
      "references": "[{\"url\": \"http://seclists.org/bugtraq/2015/Jul/9\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://www.securitytracker.com/id/1032770\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://seclists.org/bugtraq/2015/Jul/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032770\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0551\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2015-07-04T14:59:00.090\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de XSS en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A289F06-4D31-4963-8D2F-D2E8F2146D5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63A8B26-9B98-47CB-8CB6-896ACFC85FFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34D56991-BEA6-4160-9E5C-4B7034DB1FD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E97C5C13-EBDB-4906-8875-1D8D70C68206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5E065EF-D76B-40D3-BEC1-D846654C6590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E8773E-616D-467F-9361-B4F71E42EB26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E61EE60F-D408-4253-997F-160FA741E6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*\",\"matchCriteriaId\":\"527D5B22-B332-4CB8-9595-003E5B70EC57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AC64E73-EBBF-4851-BB86-394941CA4625\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3AA619F-A9DF-489C-A6BA-BF044B3C20BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261FA013-FE18-4B09-A52B-909E2BB06891\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/bugtraq/2015/Jul/9\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securitytracker.com/id/1032770\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://seclists.org/bugtraq/2015/Jul/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

BDU:2015-12090

Vulnerability from fstec - Published: 04.07.2015

Title

Уязвимость средства администрирования системы электронного документооборота EMC Documentum Administrator, средства управления мультимедийными материалами системы электронного документооборота EMC Documentum Digital Asset Management, средства доступа к репозиторию системы электронного документооборота EMC Documentum TaskSpace, системы управления веб-проектами EMC Documentum Web Publisher, веб-интерфейса, обеспечивающего доступ к репозиторию EMC Documentum Webtop, позволяющая нарушителю внедрить произвольный веб-скрипт или HTML-код

Description

Уязвимость средства администрирования системы электронного документооборота EMC Documentum Administrator, средства управления мультимедийными материалами системы электронного документооборота EMC Documentum Digital Asset Management, средства доступа к репозиторию системы электронного документооборота EMC Documentum TaskSpace, системы управления веб-проектами EMC Documentum Web Publisher, веб-интерфейса, обеспечивающего доступ к репозиторию EMC Documentum Webtop существует из-за непринятия мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, внедрить произвольный веб-скрипт или HTML-код

Severity

Vendor

Dell Technologies

Software Name

EMC Documentum Digital Asset Management, EMC Documentum TaskSpace, EMC Documentum Web Publisher, EMC Documentum WebTop, EMC Documentum Administrator

Software Version

от 6.5SP6 до P25 (EMC Documentum Digital Asset Management), от 6.7SP1 до P31 (EMC Documentum TaskSpace), от 6.7SP2 до P23 (EMC Documentum TaskSpace), от 6.5SP7 до P25 (EMC Documentum Web Publisher), от 6.7SP1 до P31 (EMC Documentum WebTop), от 6.7SP2 до P23 (EMC Documentum WebTop), от 6.8 до P01 (EMC Documentum WebTop), от 6.7SP1 до P31 (EMC Documentum Administrator), от 6.7SP2 до P23 (EMC Documentum Administrator), от 7.0 до P18 (EMC Documentum Administrator), от 7.1 до P15 (EMC Documentum Administrator), от 7.2 до P01 (EMC Documentum Administrator)

Possible Mitigations

Использование рекомендаций, доступных по адресу: http://seclists.org/bugtraq/2015/Jul/att-9/ESA-2015-111.txt

Reference

http://seclists.org/bugtraq/2015/Jul/att-9/ESA-2015-111.txt

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Dell Technologies",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 6.5SP6 \u0434\u043e P25 (EMC Documentum Digital Asset Management), \u043e\u0442 6.7SP1 \u0434\u043e P31 (EMC Documentum TaskSpace), \u043e\u0442 6.7SP2 \u0434\u043e P23 (EMC Documentum TaskSpace), \u043e\u0442 6.5SP7 \u0434\u043e P25 (EMC Documentum Web Publisher), \u043e\u0442 6.7SP1 \u0434\u043e P31 (EMC Documentum WebTop), \u043e\u0442 6.7SP2 \u0434\u043e P23 (EMC Documentum WebTop), \u043e\u0442 6.8 \u0434\u043e P01 (EMC Documentum WebTop), \u043e\u0442 6.7SP1 \u0434\u043e P31 (EMC Documentum Administrator), \u043e\u0442 6.7SP2 \u0434\u043e P23 (EMC Documentum Administrator), \u043e\u0442 7.0 \u0434\u043e P18 (EMC Documentum Administrator), \u043e\u0442 7.1 \u0434\u043e P15 (EMC Documentum Administrator), \u043e\u0442 7.2 \u0434\u043e P01 (EMC Documentum Administrator)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443:\nhttp://seclists.org/bugtraq/2015/Jul/att-9/ESA-2015-111.txt",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "04.07.2015",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.12.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-12090",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-0551",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "EMC Documentum Digital Asset Management, EMC Documentum TaskSpace, EMC Documentum Web Publisher, EMC Documentum WebTop, EMC Documentum Administrator",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . PowerPC, Microsoft Corp Windows - 32-bit, Google Inc Android . 32-bit, Google Inc Android . ARM, Oracle Corp. Solaris . 32-bit, Oracle Corp. Solaris . PowerPC, Oracle Corp. Solaris . SPARC, Oracle Corp. Solaris . ARM, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . ARM, Microsoft Corp Windows - ARM, Computer Science Research Group BSD . 32-bit, Apple Inc. iOS . PowerPC, Apple Inc. iOS . ARM, Apple Inc. OS X . 32-bit, Apple Inc. OS X . PowerPC, Oracle Corp. Java . PowerPC, Oracle Corp. Java . 32-bit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u043e\u0431\u043e\u0440\u043e\u0442\u0430 EMC Documentum Administrator, \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u044b\u043c\u0438 \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u0430\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u043e\u0431\u043e\u0440\u043e\u0442\u0430 EMC Documentum Digital Asset Management, \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u043e\u0431\u043e\u0440\u043e\u0442\u0430 EMC Documentum TaskSpace, \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438 EMC Documentum Web Publisher, \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0435\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044e EMC Documentum Webtop, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0432\u0435\u0431-\u0441\u043a\u0440\u0438\u043f\u0442 \u0438\u043b\u0438 HTML-\u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u043e\u0431\u043e\u0440\u043e\u0442\u0430 EMC Documentum Administrator, \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u044b\u043c\u0438 \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u0430\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u043e\u0431\u043e\u0440\u043e\u0442\u0430 EMC Documentum Digital Asset Management, \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u043e\u0431\u043e\u0440\u043e\u0442\u0430 EMC Documentum TaskSpace, \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438 EMC Documentum Web Publisher, \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0435\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044e EMC Documentum Webtop \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0432\u0435\u0431-\u0441\u043a\u0440\u0438\u043f\u0442 \u0438\u043b\u0438 HTML-\u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://seclists.org/bugtraq/2015/Jul/att-9/ESA-2015-111.txt",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,5)"
}

CNVD-2015-04325

Vulnerability from cnvd - Published: 2015-07-08

Title

EMC多款产品跨站脚本漏洞

Description

EMC Documentum是一款企业文档和图像管理工具，使文档的创建、修改、跟踪和在业务过程中的利用变得高效、规范和严谨。 EMC多款产品存在跨站脚本漏洞，攻击者利用这些漏洞可注入任意HTML代码或脚本。

Severity

中

Patch Name

EMC多款产品跨站脚本漏洞的补丁

Patch Description

EMC Documentum是一款企业文档和图像管理工具，使文档的创建、修改、跟踪和在业务过程中的利用变得高效、规范和严谨。EMC多款产品存在跨站脚本漏洞，攻击者利用这些漏洞可注入任意HTML代码或脚本。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://emc.subscribenet.com/control/dctm/download?element=3887191

Reference

http://www.securityfocus.com/archive/1/535897

Impacted products

Name
['EMC Documentum Webtop 6.7SP1(<P310', 'EMC Documentum Webtop 6.7SP2(<P23)', 'EMC Documentum Webtop 6.8(<P01)', 'EMC Documentum Administrator 6.7SP1(<P31)', 'EMC Documentum Administrator 6.7SP2(<P23)', 'EMC Documentum Administrator 7.0(<P18)', 'EMC Documentum Administrator 7.1(<P15)', 'EMC Documentum Administrator 7.2(<P01)', 'EMC Documentum Digital Assets Manager 6.5SP6(<P25)', 'EMC Documentum Web Publishers 6.5 SP7(<P25)', 'EMC Documentum Task Space 6.7SP1(<P31)', 'EMC Documentum Task Space 6.7SP2(<P23)']

Name

['EMC Documentum Webtop 6.7SP1(<P310', 'EMC Documentum Webtop 6.7SP2(<P23)', 'EMC Documentum Webtop 6.8(<P01)', 'EMC Documentum Administrator 6.7SP1(<P31)', 'EMC Documentum Administrator 6.7SP2(<P23)', 'EMC Documentum Administrator 7.0(<P18)', 'EMC Documentum Administrator 7.1(<P15)', 'EMC Documentum Administrator 7.2(<P01)', 'EMC Documentum Digital Assets Manager 6.5SP6(<P25)', 'EMC Documentum Web Publishers 6.5 SP7(<P25)', 'EMC Documentum Task Space 6.7SP1(<P31)', 'EMC Documentum Task Space 6.7SP2(<P23)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0551"
    }
  },
  "description": "EMC Documentum\u662f\u4e00\u6b3e\u4f01\u4e1a\u6587\u6863\u548c\u56fe\u50cf\u7ba1\u7406\u5de5\u5177\uff0c\u4f7f\u6587\u6863\u7684\u521b\u5efa\u3001\u4fee\u6539\u3001\u8ddf\u8e2a\u548c\u5728\u4e1a\u52a1\u8fc7\u7a0b\u4e2d\u7684\u5229\u7528\u53d8\u5f97\u9ad8\u6548\u3001\u89c4\u8303\u548c\u4e25\u8c28\u3002\r\n\r\nEMC\u591a\u6b3e\u4ea7\u54c1\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u53ef\u6ce8\u5165\u4efb\u610fHTML\u4ee3\u7801\u6216\u811a\u672c\u3002",
  "discovererName": "EMC",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://emc.subscribenet.com/control/dctm/download?element=3887191",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04325",
  "openTime": "2015-07-08",
  "patchDescription": "EMC Documentum\u662f\u4e00\u6b3e\u4f01\u4e1a\u6587\u6863\u548c\u56fe\u50cf\u7ba1\u7406\u5de5\u5177\uff0c\u4f7f\u6587\u6863\u7684\u521b\u5efa\u3001\u4fee\u6539\u3001\u8ddf\u8e2a\u548c\u5728\u4e1a\u52a1\u8fc7\u7a0b\u4e2d\u7684\u5229\u7528\u53d8\u5f97\u9ad8\u6548\u3001\u89c4\u8303\u548c\u4e25\u8c28\u3002EMC\u591a\u6b3e\u4ea7\u54c1\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u53ef\u6ce8\u5165\u4efb\u610fHTML\u4ee3\u7801\u6216\u811a\u672c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC\u591a\u6b3e\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC Documentum Webtop 6.7SP1(\u003cP310",
      "EMC Documentum Webtop 6.7SP2(\u003cP23)",
      "EMC Documentum Webtop 6.8(\u003cP01)",
      "EMC Documentum Administrator 6.7SP1(\u003cP31)",
      "EMC Documentum Administrator 6.7SP2(\u003cP23)",
      "EMC Documentum Administrator 7.0(\u003cP18)",
      "EMC Documentum Administrator 7.1(\u003cP15)",
      "EMC Documentum Administrator 7.2(\u003cP01)",
      "EMC Documentum Digital Assets Manager 6.5SP6(\u003cP25)",
      "EMC Documentum Web Publishers 6.5 SP7(\u003cP25)",
      "EMC Documentum Task Space 6.7SP1(\u003cP31)",
      "EMC Documentum Task Space 6.7SP2(\u003cP23)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/archive/1/535897",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-03",
  "title": "EMC\u591a\u6b3e\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

FKIE_CVE-2015-0551

Vulnerability from fkie_nvd - Published: 2015-07-04 14:59 - Updated: 2026-05-06 22:30

Severity

Summary

References

	URL	Tags
	security_alert@emc.com	http://seclists.org/bugtraq/2015/Jul/9
	security_alert@emc.com	http://www.securitytracker.com/id/1032770
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/bugtraq/2015/Jul/9
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032770

Impacted products

Vendor	Product	Version
emc	documentum_administrator	6.7
emc	documentum_administrator	6.7
emc	documentum_administrator	7.0
emc	documentum_administrator	7.1
emc	documentum_administrator	7.2
emc	documentum_digital_asset_manager	6.5
emc	documentum_taskspace	6.7
emc	documentum_taskspace	6.7
emc	documentum_web_publisher	6.5
emc	documentum_webtop	6.7
emc	documentum_webtop	6.7
emc	documentum_webtop	6.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-0551",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-04T14:59:00.090",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://seclists.org/bugtraq/2015/Jul/9"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1032770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/bugtraq/2015/Jul/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032770"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JV95-XWVP-R9RG

Vulnerability from github – Published: 2022-05-17 03:15 – Updated: 2022-05-17 03:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-04T14:59:00Z",
    "severity": "LOW"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-jv95-xwvp-r9rg",
  "modified": "2022-05-17T03:15:10Z",
  "published": "2022-05-17T03:15:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0551"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2015/Jul/9"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032770"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-0551

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-0551

Aliases

CVE-2015-0551

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0551",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2015-0551"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0551"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2015-0551",
      "modified": "2023-12-13T01:19:58.696930Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2015-0551",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032770",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032770"
          },
          {
            "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://seclists.org/bugtraq/2015/Jul/9"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2015-0551"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://seclists.org/bugtraq/2015/Jul/9"
            },
            {
              "name": "1032770",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032770"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-12-28T02:59Z",
      "publishedDate": "2015-07-04T14:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0551 (GCVE-0-2015-0551)

BDU:2015-12090

CNVD-2015-04325

FKIE_CVE-2015-0551

GHSA-JV95-XWVP-R9RG

GSD-2015-0551

Tags

Sightings

Nomenclature