Lucene search
HistoryAug 20, 2014 - 11:17 a.m.
CVE-2014-2520
CVSS2
6.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:C/I:N/A:N
AI Score
8.1
Confidence
High
EPSS
0.002
Percentile
54.7%
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.
Affected configurations
Node
emcdocumentum_content_serverRange≤6.7sp2
ORemcdocumentum_content_serverMatch6.0
ORemcdocumentum_content_serverMatch6.5
ORemcdocumentum_content_serverMatch6.5sp1
ORemcdocumentum_content_serverMatch6.5sp2
ORemcdocumentum_content_serverMatch6.5sp3
ORemcdocumentum_content_serverMatch6.6
ORemcdocumentum_content_serverMatch6.7-
ORemcdocumentum_content_serverMatch6.7sp1
ORemcdocumentum_content_serverMatch7.0
ORemcdocumentum_content_serverMatch7.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emc | documentum_content_server | * | cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:* |
| emc | documentum_content_server | 6.0 | cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:* |
| emc | documentum_content_server | 6.5 | cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:* |
| emc | documentum_content_server | 6.5 | cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:* |
| emc | documentum_content_server | 6.5 | cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:* |
| emc | documentum_content_server | 6.5 | cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:* |
| emc | documentum_content_server | 6.6 | cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:* |
| emc | documentum_content_server | 6.7 | cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:* |
| emc | documentum_content_server | 6.7 | cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:* |
| emc | documentum_content_server | 7.0 | cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2014-08-20 11:17:00
Design/Logic Flaw
2017-02-22 16:59:00
cve
cve
CVE-2014-2520
2014-08-20 11:17:13
CVE-2017-5585
2017-02-22 16:59:00
cvelist
cvelist
CVE-2014-2520
2014-08-20 10:00:00
CVE-2017-5585
2017-02-22 16:00:00
nvd
nvd
CVE-2017-5585
2017-02-22 16:59:00
packetstorm
packetstorm
OpenText Documentum Content Server 7.3 SQL Injection
2017-02-16 00:00:00
securityvulns
securityvulns
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
2014-08-26 00:00:00
EMC Documentum multiple security vulnerabilities
2015-09-14 00:00:00
nessus
nessus
EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079)
2014-09-11 00:00:00
cert
cert
EMC Documentum products contain multiple vulnerabilities
2014-12-15 00:00:00
CVSS2
6.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:C/I:N/A:N
AI Score
8.1
Confidence
High
EPSS
0.002
Percentile
54.7%
Related for NVD:CVE-2014-2520