69 matches found
CVE-2016-0888
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors...
EMC Documentum D2 Unauthorized Operation Vulnerability
EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. Multiple D2 Configuration object types in EMC Documentum D2 versions prior to 4.6 fail to properly use ACLs, which can be exploited by an authenticated,...
ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability EMC Identifier: ESA-2015-132 CVE Identifier: CVE-2015-4537 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Documentum D2 4.2 and earlier Summary: EMC...
Hardcoded credentials
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...
CVE-2015-4537
EMC Documentum D2 vulnerability CVE-2015-4537 affects the Lockbox component. If the server lacks the D2.Lockbox file, D2 uses a hardcoded passphrase to encrypt admin tickets, enabling an attacker who can decompile D2 JARs to recover the passphrase and decrypt tickets. Affected products include EM...
EMC Documentum D2 Information Disclosure Vulnerability (CNVD-2015-05464)
EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. A security vulnerability in the Lockbox component of EMC Documentum D2 4.2 and prior versions when saving a password in an encrypted file can be exploite...
ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities EMC Identifier: ESA-2015-108 CVE Identifier: CVE-2015-0547, CVE-2015-0548 Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs Affected products: • EM...
Design/Logic Flaw
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...
Design/Logic Flaw
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...
EMC Documentum D2 SQL Injection Vulnerability (CNVD-2015-04194)
EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 has a DQL injection vulnerability in the D2CenterstageService.getComments service method that can lead to database information disclosu...
EMC Documentum D2 SQL Injection Vulnerability (CNVD-2015-04195)
EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 suffers from a SQL injection vulnerability in the D2DownloadService.getDownloadUrls service method, which could lead to the disclosure ...
ESA-2015-109: EMC Documentum D2 Cross-Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Vulnerability EMC Identifier: ESA-2015-109 CVE Identifier: CVE-2015-0549 Severity Rating: CVSS v2 Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Affected products: EMC Documentum D2 version 4.1 EMC...
CVE-2015-0549
Cross-site scripting XSS vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-0549
Cross-site scripting XSS vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-0549
EMC Documentum D2 is affected by a stored cross-site scripting (XSS) vulnerability (CVE-2015-0549) in versions prior to 4.5. The issue affects D2 components handling user-supplied input, allowing an authenticated remote attacker to inject script/HTML. Public advisories (ESA-2015-109) indicate aff...
EMC Documentum D2 4.1.x < 4.5 XSS (ESA-2015-109)
The remote host is running a version EMC Documentum D2 that is 4.1.x or 4.2.x prior to 4.5. It is, therefore, affected by a stored cross-site scripting vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted...
EMC Documentum D2 Cross-Site Scripting Vulnerability
EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 version 4.5 contains a cross-site scripting vulnerability that could allow an attacker to inject malicious HTML or script...
ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities EMC Identifier: ESA-2015-010 CVE Identifier: CVE-2015-0517, CVE-2015-0518 Affected products: • EMC Documentum D2 3.1 and all patch versions • EMC Documentum D2 3.1 SP1 and all patch versions • E...
CVE-2015-0518
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions...