Lucene search

[email protected]NVD:CVE-2013-6177

HistoryNov 21, 2013 - 4:40 a.m.

CVE-2013-6177

2013-11-2104:40:59

CWE-22

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.1%

JSON

Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.

Affected configurations

NVD

Node

emcdocument_sciences_xpressionMatch4.1sp1-enterprise--

emcdocument_sciences_xpressionMatch4.2--enterprise--

emcdocument_sciences_xpressionMatch4.5--enterprise--

Node

emcdocument_sciences_xpressionMatch4.1sp1-enterprise--

emcdocument_sciences_xpressionMatch4.2--enterprise--

emcdocument_sciences_xpressionMatch4.5--enterprise--

Node

emcdocument_sciences_xpressionMatch4.1sp1-documentum

emcdocument_sciences_xpressionMatch4.2--documentum

emcdocument_sciences_xpressionMatch4.5--documentum

References

archives.neohapsis.com/archives/bugtraq/2013-11/0095.html

packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html

www.kb.cert.org/vuls/id/346982

www.securitytracker.com/id/1029384

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for NVD:CVE-2013-6177

cve1 prion1 cvelist1 cert1 securityvulns2