Lucene search

[email protected]NVD:CVE-2013-6174

HistoryNov 21, 2013 - 4:40 a.m.

CVE-2013-6174

2013-11-2104:40:59

CWE-20

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.7%

JSON

Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.

Affected configurations

NVD

Node

emcdocument_sciences_xpressionMatch4.1sp1-documentum

emcdocument_sciences_xpressionMatch4.2--documentum

emcdocument_sciences_xpressionMatch4.5--documentum

Node

emcdocument_sciences_xpressionMatch4.1sp1-enterprise--

emcdocument_sciences_xpressionMatch4.2--enterprise--

emcdocument_sciences_xpressionMatch4.5--enterprise--

Node

emcdocument_sciences_xpressionMatch4.1sp1-enterprise--

emcdocument_sciences_xpressionMatch4.2--enterprise--

emcdocument_sciences_xpressionMatch4.5--enterprise--

References

archives.neohapsis.com/archives/bugtraq/2013-11/0095.html

packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html

www.kb.cert.org/vuls/id/346982

www.securityfocus.com/bid/63810

www.securitytracker.com/id/1029384

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for NVD:CVE-2013-6174

cve1 cvelist1 prion1 securityvulns2 cert1