2 matches found
ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability
ESA-2014-045.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability EMC Identifier: ESA-2014-045 CVE Identifier: CVE-2014-2504 Severity: CVSSv2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Documentum D2...
CVE-2014-2504
EMC Documentum D2 is affected by CVE-2014-2504 across multiple releases (3.1 before P20, 3.1SP1 before P02, 4.0 before P10, 4.1 before P13, 4.2 before P01). The issue stems from a flaw in the Documentum Query Language (DQL) engine that enables an authenticated remote user to bypass access restric...