Lucene search

[email protected]NVD:CVE-2014-2510

HistoryJul 08, 2014 - 11:06 a.m.

CVE-2014-2510

2014-07-0811:06:01

CWE-200

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.6%

JSON

The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

emccenterstageMatch1.2sp1

emccenterstageMatch1.2sp2

emcdocumentum_foundation_servicesMatch6.6

emcdocumentum_foundation_servicesMatch6.7

emcdocumentum_foundation_servicesMatch6.7sp1

emcdocumentum_foundation_servicesMatch6.7sp2

emcmy_documentum_for_desktopMatch6.7.2

emcmy_documentum_for_microsoft_outlookMatch6.7sp

emcmy_documentum_for_microsoft_outlookMatch6.7sp2

emcmy_documentum_for_microsoft_outlookMatch6.7.1

emcmy_documentum_for_microsoft_outlookMatch6.7.3

References

archives.neohapsis.com/archives/bugtraq/2014-07/0025.html

secunia.com/advisories/59773

www.securityfocus.com/bid/68434

www.securitytracker.com/id/1030528

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.6%

JSON

Related for NVD:CVE-2014-2510

securityvulns2 cve1 cvelist1 prion1