Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveDellCVE-2015-4530
HistoryAug 20, 2015 - 10:59 a.m.

CVE-2015-4530

2015-08-2010:59:11
CWE-352
dell
web.nvd.nist.gov
26
cve-2015-4530
cross-site request forgery
csrf
emc documentum
webtop
documentum administrator
documentum digital assets manager
documentum web publishers
documentum task space

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

59.6%

JSON

Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.

Affected configurations

Nvd
Node
emcdocumentum_administratorRange7.2
OR
emcdocumentum_digital_asset_managerRange6.5sp6
OR
emcdocumentum_taskspaceRange6.7sp2
OR
emcdocumentum_web_publisherRange6.5sp7
OR
emcdocumentum_webtopRange6.8
VendorProductVersionCPE
emcdocumentum_administrator*cpe:2.3:a:emc:documentum_administrator:*:*:*:*:*:*:*:*
emcdocumentum_digital_asset_manager*cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp6:*:*:*:*:*:*
emcdocumentum_taskspace*cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*
emcdocumentum_web_publisher*cpe:2.3:a:emc:documentum_web_publisher:*:sp7:*:*:*:*:*:*
emcdocumentum_webtop*cpe:2.3:a:emc:documentum_webtop:*:*:*:*:*:*:*:*

Related

prion 2
securityvulns 3
cvelist 2
nvd 2
cve 1
cert 1
prion
prion
Cross site request forgery (csrf)
2015-08-20 10:59:00
Cross site request forgery (csrf)
2014-08-20 11:17:00
securityvulns
securityvulns
ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability
2015-08-24 00:00:00
ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities
2014-08-26 00:00:00
EMC Documentum multiple security vulnerabilities
2015-09-14 00:00:00
cvelist
cvelist
CVE-2015-4530
2015-08-20 10:00:00
CVE-2014-2518
2014-08-20 10:00:00
nvd
nvd
CVE-2015-4530
2015-08-20 10:59:11
CVE-2014-2518
2014-08-20 11:17:13
cve
cve
CVE-2014-2518
2014-08-20 11:17:13
cert
cert
EMC Documentum products contain multiple vulnerabilities
2014-12-15 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

59.6%

JSON
Related for CVE-2015-4530
prion2securityvulns3cvelist2nvd2cve1cert1