Lucene search

K
cve[email protected]CVE-2014-2503
HistoryJun 06, 2014 - 12:55 a.m.

CVE-2014-2503

2014-06-0600:55:04
CWE-20
web.nvd.nist.gov
20
emc dam
thumbnail proxy server
dql injection
security vulnerability
nvd
cve-2014-2503

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.2%

The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.

Affected configurations

NVD
Node
emcdocumentum_digital_asset_managerMatch6.5sp3
OR
emcdocumentum_digital_asset_managerMatch6.5sp4
OR
emcdocumentum_digital_asset_managerMatch6.5sp5
OR
emcdocumentum_digital_asset_managerMatch6.5sp6

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.2%

Related for CVE-2014-2503