CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:C/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
54.7%
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.
Vendor | Product | Version | CPE |
---|---|---|---|
emc | documentum_content_server | * | cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:* |
emc | documentum_content_server | 6.0 | cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:* |
emc | documentum_content_server | 6.5 | cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:* |
emc | documentum_content_server | 6.5 | cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:* |
emc | documentum_content_server | 6.5 | cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:* |
emc | documentum_content_server | 6.5 | cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:* |
emc | documentum_content_server | 6.6 | cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:* |
emc | documentum_content_server | 6.7 | cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:* |
emc | documentum_content_server | 6.7 | cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:* |
emc | documentum_content_server | 7.0 | cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:* |