Lucene search
HistoryJan 07, 2015 - 2:59 a.m.
CVE-2014-4636
cve-2014-4636
cross-site request forgery
csrf vulnerability
emc documentum
wdk
remote attackers
authentication hijacking
docbase operations
7.3 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.3%
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.
| CPE | Name | Operator | Version |
|---|---|---|---|
| emc:documentum_wdk | emc documentum wdk | le | 6.7 |
Related
prion
prion
Cross site request forgery (csrf)
2015-01-07 02:59:00
cvelist
cvelist
CVE-2014-4636
2015-01-07 02:00:00
securityvulns
securityvulns
ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities
2015-01-13 00:00:00
EMC Documentum multiple security vulnerabilities
2015-09-14 00:00:00
7.3 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.3%
Related for CVE-2014-4636