Lucene search
K

6 matches found

NVD
NVD
added 2016/03/09 11:59 p.m.15 views

CVE-2016-0886

EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcpmember API call...

4.3CVSS4.3AI score0.01758EPSS
Exploits0References3
Prion
Prion
added 2016/03/09 11:59 p.m.14 views

Code injection

EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcpmember API call...

4CVSS6.5AI score0.01758EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2016/02/12 1:59 a.m.12 views

Xxe

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

5.5CVSS6.8AI score0.01707EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/02/12 1:59 a.m.18 views

Design/Logic Flaw

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and obtain sensitive repository information by appending a query to a REST request...

4CVSS6.7AI score0.01708EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/02/12 1:0 a.m.44 views

CVE-2016-0881

EMC Documentum xCP is affected: versions 2.1 before patch 23 and 2.2 before patch 11 expose a DQL injection via REST requests, allowing remote authenticated attackers to obtain sensitive repository information. The root cause is improper handling of XCP REST requests, enabling execution of SQL-li...

6.5CVSS6.2AI score0.01708EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/02/12 1:0 a.m.25 views

CVE-2016-0881

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and obtain sensitive repository information by appending a query to a REST request...

6.3AI score0.01708EPSS
Exploits0References2
Rows per page
Query Builder