Lucene search
+L

69 matches found

Cvelist
Cvelist
added 2016/04/07 10:0 a.m.24 views

CVE-2016-0888

EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors...

8.4AI score0.03107EPSS
Exploits0References2
CNVD
CNVD
added 2016/04/06 12:0 a.m.9 views

EMC Documentum D2 Unauthorized Operation Vulnerability

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. Multiple D2 Configuration object types in EMC Documentum D2 versions prior to 4.6 fail to properly use ACLs, which can be exploited by an authenticated,...

9CVSS6.8AI score0.03107EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.54 views

ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability EMC Identifier: ESA-2015-132 CVE Identifier: CVE-2015-4537 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Documentum D2 4.2 and earlier Summary: EMC...

3.5CVSS0.5AI score0.01207EPSS
Exploits0
Prion
Prion
added 2015/08/22 6:59 p.m.12 views

Hardcoded credentials

Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...

3.5CVSS6.7AI score0.01207EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/08/22 6:0 p.m.62 views

CVE-2015-4537

EMC Documentum D2 vulnerability CVE-2015-4537 affects the Lockbox component. If the server lacks the D2.Lockbox file, D2 uses a hardcoded passphrase to encrypt admin tickets, enabling an attacker who can decompile D2 JARs to recover the passphrase and decrypt tickets. Affected products include EM...

3.5CVSS6.4AI score0.01207EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/08/20 12:0 a.m.4 views

EMC Documentum D2 Information Disclosure Vulnerability (CNVD-2015-05464)

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. A security vulnerability in the Lockbox component of EMC Documentum D2 4.2 and prior versions when saving a password in an encrypted file can be exploite...

3.5CVSS7AI score0.01207EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.53 views

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities EMC Identifier: ESA-2015-108 CVE Identifier: CVE-2015-0547, CVE-2015-0548 Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs Affected products: • EM...

4CVSS0.6AI score0.0144EPSS
Exploits0
Prion
Prion
added 2015/07/04 10:59 a.m.14 views

Design/Logic Flaw

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.9AI score0.0144EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2015/07/04 10:59 a.m.19 views

Design/Logic Flaw

The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.9AI score0.0144EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/07/02 12:0 a.m.5 views

EMC Documentum D2 SQL Injection Vulnerability (CNVD-2015-04194)

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 has a DQL injection vulnerability in the D2CenterstageService.getComments service method that can lead to database information disclosu...

4CVSS7.1AI score0.0144EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/02 12:0 a.m.4 views

EMC Documentum D2 SQL Injection Vulnerability (CNVD-2015-04195)

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 suffers from a SQL injection vulnerability in the D2DownloadService.getDownloadUrls service method, which could lead to the disclosure ...

4CVSS7.8AI score0.0144EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/06/29 12:0 a.m.45 views

ESA-2015-109: EMC Documentum D2 Cross-Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Vulnerability EMC Identifier: ESA-2015-109 CVE Identifier: CVE-2015-0549 Severity Rating: CVSS v2 Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Affected products: EMC Documentum D2 version 4.1 EMC...

3.5CVSS0.2AI score0.01075EPSS
Exploits0
NVD
NVD
added 2015/06/28 7:59 p.m.15 views

CVE-2015-0549

Cross-site scripting XSS vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.2AI score0.01075EPSS
Exploits0References2
Prion
Prion
added 2015/06/28 7:59 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.6AI score0.01075EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/06/28 7:0 p.m.23 views

CVE-2015-0549

Cross-site scripting XSS vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

5.2AI score0.01075EPSS
Exploits0References2
CVE
CVE
added 2015/06/28 7:0 p.m.51 views

CVE-2015-0549

EMC Documentum D2 is affected by a stored cross-site scripting (XSS) vulnerability (CVE-2015-0549) in versions prior to 4.5. The issue affects D2 components handling user-supplied input, allowing an authenticated remote attacker to inject script/HTML. Public advisories (ESA-2015-109) indicate aff...

3.5CVSS5.3AI score0.01075EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/06/26 12:0 a.m.29 views

EMC Documentum D2 4.1.x < 4.5 XSS (ESA-2015-109)

The remote host is running a version EMC Documentum D2 that is 4.1.x or 4.2.x prior to 4.5. It is, therefore, affected by a stored cross-site scripting vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted...

3.5CVSS5.8AI score0.01075EPSS
Exploits0References2
CNVD
CNVD
added 2015/06/24 12:0 a.m.5 views

EMC Documentum D2 Cross-Site Scripting Vulnerability

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 version 4.5 contains a cross-site scripting vulnerability that could allow an attacker to inject malicious HTML or script...

3.5CVSS6.1AI score0.01075EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/02/23 12:0 a.m.44 views

ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities EMC Identifier: ESA-2015-010 CVE Identifier: CVE-2015-0517, CVE-2015-0518 Affected products: • EMC Documentum D2 3.1 and all patch versions • EMC Documentum D2 3.1 SP1 and all patch versions • E...

9CVSS1.1AI score0.03657EPSS
Exploits0
NVD
NVD
added 2015/02/14 3:59 p.m.19 views

CVE-2015-0518

The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions...

9CVSS6.2AI score0.03657EPSS
Exploits0References4
Rows per page
Query Builder