Lucene search

DellCVE-2014-2508

HistoryJun 08, 2014 - 4:31 a.m.

CVE-2014-2508

2014-06-0804:31:53

CWE-20

dell

web.nvd.nist.gov

emc documentum

content server

dql injection

vulnerability

nvd

cve-2014-2508

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:C/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.006

Percentile

78.0%

JSON

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.

Affected configurations

Nvd

Node

emcdocumentum_content_serverRange≤6.7sp1

emcdocumentum_content_serverMatch6.0

emcdocumentum_content_serverMatch6.5

emcdocumentum_content_serverMatch6.5sp1

emcdocumentum_content_serverMatch6.5sp2

emcdocumentum_content_serverMatch6.5sp3

emcdocumentum_content_serverMatch6.6

emcdocumentum_content_serverMatch6.7-

emcdocumentum_content_serverMatch6.7sp2

emcdocumentum_content_serverMatch7.0

emcdocumentum_content_serverMatch7.1

VendorProductVersionCPE
emcdocumentum_content_server*cpe:2.3:a:emc:documentum_content_server:*:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.0cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*
emcdocumentum_content_server6.5cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*
emcdocumentum_content_server6.6cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*
emcdocumentum_content_server6.7cpe:2.3:a:emc:documentum_content_server:6.7:sp2:*:*:*:*:*:*
emcdocumentum_content_server7.0cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_content_server	*	cpe:2.3:a:emc:documentum_content_server::sp1::::::*
emc	documentum_content_server	6.0	cpe:2.3:a:emc:documentum_content_server:6.0:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:::::::*
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp1::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp2::::::
emc	documentum_content_server	6.5	cpe:2.3:a:emc:documentum_content_server:6.5:sp3::::::
emc	documentum_content_server	6.6	cpe:2.3:a:emc:documentum_content_server:6.6:::::::*
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:-::::::
emc	documentum_content_server	6.7	cpe:2.3:a:emc:documentum_content_server:6.7:sp2::::::
emc	documentum_content_server	7.0	cpe:2.3:a:emc:documentum_content_server:7.0:::::::*

Rows per page:

1-10 of 111

References

archives.neohapsis.com/archives/bugtraq/2014-06/0051.html

packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html

secunia.com/advisories/58954

www.securityfocus.com/archive/1/532596/100/0/threaded

www.securityfocus.com/bid/67918

www.securitytracker.com/id/1030339

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:C/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.006

Percentile

78.0%

JSON

Related for CVE-2014-2508