CVE-2014-2503CVE-2014-2503

Affected configuration(s):

cpe:/a:emc:documentum_digital_asset_manager:6.5:sp3
cpe:/a:emc:documentum_digital_asset_manager:6.5:sp4
cpe:/a:emc:documentum_digital_asset_manager:6.5:sp5
cpe:/a:emc:documentum_digital_asset_manager:6.5:sp6

Date published: 2014-06-05T20:55:04.103-04:00

Date last modified: 2014-06-18T00:32:05.553-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html

Summary: The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *