10 matches found
CVE-2013-3281
The CVE-2013-3281 entry describes a cross-site scripting (XSS) vulnerability in EMC Documentum products (Webtop, WDK, Taskspace, Records Manager, Web Publisher, Digital Asset Manager, Administrator, Capital Projects) prior to the stated SP versions. The flaw allows remote attackers to inject arbi...
CVE-2016-8213
CVE-2016-8213 affects EMC Documentum products: WebTop 6.8 (before P18) and 6.8.1 (before P06); TaskSpace 6.7SP3 (before P02); Capital Projects 1.9 (before P30) and 1.10 (before P17); and Administrator 7.0, 7.1, and 7.2 (before P18). The vulnerability is a Stored Cross-Site Scripting (XSS) issue t...
CVE-2014-2518
EMC Documentum CSRF vulnerabilities (CVE-2014-2518) affect WebTop, Administrator, WDK, Task Space, Records Manager, Web Publisher and Digital Asset Manager across multiple versions; an attacker could hijack user sessions by tricking authenticated users. The ESA-2014-073 advisory notes the fix fo...
CVE-2015-4529
This CVE (CVE-2015-4529) covers an open redirect vulnerability in EMC Documentum client/server components, including WebTop (before 6.8P02), Administrator (before 7.2P01), Digital Assets Manager (through 6.5SP6), Web Publishers (through 6.5SP7), and Task Space (through 6.7SP2). The underlying iss...
CVE-2015-0551
EMC Documentum WebTop and client products contain multiple cross-site scripting (XSS) vulnerabilities (CVE-2015-0551) allowing remote authenticated users to inject arbitrary HTML/script via unspecified vectors. Affected products include WebTop 6.7SP1/6.7SP2/6.8 and client components: Documentum A...
CVE-2015-4530
EMC Documentum CSRF vulnerability CVE-2015-4530 affects WebTop and related components (WebTop, WebTop-based clients; Administrator up to 7.2; DAM 6.5SP6; Web Publishers 6.5SP7; Task Space 6.7SP2). Root cause: incomplete fix for CVE-2014-2518. Impact: attackers can hijack user sessions, performing...
CVE-2016-0914
EMC Documentum WebTop and related components are affected by CVE-2016-0914. The vulnerability allows remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. Affected products/versions and patches (as described): WebTo...
CVE-2015-4524
CVE-2015-4524: Unrestricted file upload in EMC Documentum WebTop family enables remote authenticated users to upload arbitrary files to the backend Content Server, potentially executing code. Affected products and versions include WebTop 6.7SP1 before P31, 6.7SP2 before P23, 6.8 before P01; Docum...
CVE-2008-0656
The CVE-2008-0656 entry concerns EMC Documentum components: Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317. The vulnerability is an uncontrolled file upload in dmclTrace.jsp that allows a remote attacker to overwrite arbitrary files by supplying a crafted filename attribute. The availabl...
CVE-2014-2511
CVE-2014-2511 maps to EMC Documentum WebTop multiple XSS vulnerabilities exploitable via startat and entryId parameters. The ESA-2014-059 advisory confirms the issue affects EMC WebTop 6.7 SP1, 6.7 SP2 (and other Documentum/WebTop family products) with fixes in specific patches/versions (e.g., We...