Lucene search

K
nvd[email protected]NVD:CVE-2014-2503
HistoryJun 06, 2014 - 12:55 a.m.

CVE-2014-2503

2014-06-0600:55:04
CWE-20
web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.005

Percentile

77.2%

The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.

Affected configurations

NVD
Node
emcdocumentum_digital_asset_managerMatch6.5sp3
OR
emcdocumentum_digital_asset_managerMatch6.5sp4
OR
emcdocumentum_digital_asset_managerMatch6.5sp5
OR
emcdocumentum_digital_asset_managerMatch6.5sp6

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.005

Percentile

77.2%

Related for NVD:CVE-2014-2503