Lucene search
DellCVE-2014-4636HistoryJan 07, 2015 - 2:59 a.m.
CVE-2014-4636
2015-01-0702:59:17
CWE-352
dell
web.nvd.nist.gov
27
cve-2014-4636
cross-site request forgery
csrf vulnerability
emc documentum
wdk
remote attackers
authentication hijacking
docbase operations
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.002
Percentile
52.5%
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.
Affected configurations
Node
emcdocumentum_wdkRange≤6.7sp2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emc | documentum_wdk | * | cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2015-01-07 02:59:00
nvd
nvd
CVE-2014-4636
2015-01-07 02:59:17
cvelist
cvelist
CVE-2014-4636
2015-01-07 02:00:00
securityvulns
securityvulns
ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities
2015-01-13 00:00:00
EMC Documentum multiple security vulnerabilities
2015-09-14 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.002
Percentile
52.5%
Related for CVE-2014-4636