Lucene search
HistoryJun 06, 2014 - 12:55 a.m.
CVE-2014-2503
emc dam
thumbnail proxy server
dql injection
security vulnerability
nvd
cve-2014-2503
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.005
Percentile
77.2%
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.
Affected configurations
Node
emcdocumentum_digital_asset_managerMatch6.5sp3
ORemcdocumentum_digital_asset_managerMatch6.5sp4
ORemcdocumentum_digital_asset_managerMatch6.5sp5
ORemcdocumentum_digital_asset_managerMatch6.5sp6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emc | documentum_digital_asset_manager | 6.5 | cpe:/a:emc:documentum_digital_asset_manager:6.5:sp3:: |
| emc | documentum_digital_asset_manager | 6.5 | cpe:/a:emc:documentum_digital_asset_manager:6.5:sp5:: |
| emc | documentum_digital_asset_manager | 6.5 | cpe:/a:emc:documentum_digital_asset_manager:6.5:sp4:: |
| emc | documentum_digital_asset_manager | 6.5 | cpe:/a:emc:documentum_digital_asset_manager:6.5:sp6:: |
Related
nvd
nvd
CVE-2014-2503
2014-06-06 00:55:04
securityvulns
securityvulns
ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability
2014-06-14 00:00:00
EMC Documentum multiple security vulnerabilities
2015-09-14 00:00:00
prion
prion
Design/Logic Flaw
2014-06-06 00:55:00
cvelist
cvelist
CVE-2014-2503
2014-06-06 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.005
Percentile
77.2%
Related for CVE-2014-2503