CVE-2014-2504CVE-2014-2504

Affected configuration(s):

cpe:/a:emc:documentum_d2:3.1:-
cpe:/a:emc:documentum_d2:3.1:sp1
cpe:/a:emc:documentum_d2:4.0
cpe:/a:emc:documentum_d2:4.1
cpe:/a:emc:documentum_d2:4.2

Date published: 2014-05-25T20:25:31.267-04:00

Date last modified: 2014-06-18T00:32:05.710-04:00

CVSS Score: 9.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://archives.neohapsis.com/archives/bugtraq/current/0130.html

Summary: EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.