Lucene search

[email protected]CVE-2014-2503

HistoryJun 06, 2014 - 12:55 a.m.

CVE-2014-2503

2014-06-0600:55:00

CWE-20

[email protected]

web.nvd.nist.gov

emc dam

thumbnail proxy server

dql injection

security vulnerability

nvd

cve-2014-2503

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON

The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.

CPENameOperatorVersion
emc:documentum_digital_asset_manageremc documentum digital asset managereq6.5

CPE	Name	Operator	Version
emc:documentum_digital_asset_manager	emc documentum digital asset manager	eq	6.5

References

archives.neohapsis.com/archives/bugtraq/2014-06/0037.html

packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html

www.securityfocus.com/bid/67868

www.securitytracker.com/id/1030348

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for CVE-2014-2503

prion1 securityvulns2 cvelist1