6 matches found
CVE-2016-0886
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcpmember API call...
Code injection
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcpmember API call...
XXE
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
Design/Logic Flaw
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request...
CVE-2016-0881
EMC Documentum xCP is affected: versions 2.1 before patch 23 and 2.2 before patch 11 expose a DQL injection via REST requests, allowing remote authenticated attackers to obtain sensitive repository information. The root cause is improper handling of XCP REST requests, enabling execution of SQL-li...
CVE-2016-0881
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request...