EmcDocumentum D2

12 matches found

added 2015/08/22 6:00 p.m., 60 views

CVE-2015-4537

EMC Documentum D2 vulnerability CVE-2015-4537 affects the Lockbox component. If the server lacks the D2.Lockbox file, D2 uses a hardcoded passphrase to encrypt admin tickets, enabling an attacker who can decompile D2 JARs to recover the passphrase and decrypt tickets. Affected products include EM...

CVSS 3.5, AI score 6.4, EPSS 0.01207

added 2015/07/04 10:00 a.m., 53 views

CVE-2015-0548

EMC Documentum D2 contains DQL injection vulnerabilities in D2DownloadService.getDownloadUrls (affecting D2 4.1/4.2 before 4.2 P16 and 4.5 before P03). A remote authenticated attacker can bypass read-access restrictions and disclose database data. Related advisory ESA-2015-108 and vendor/NVD entr...

CVSS 4, AI score 6.6, EPSS 0.0144

added 2015/02/14 3:00 p.m., 49 views

CVE-2015-0517

EMC Documentum D2 vulnerability CVE-2015-0517 affects D2-API logging the MD5 hash of the passphrase used to encrypt credentials. Affected: EMC Documentum D2 3.1 (SP1), 4.0, 4.1 before 4.1 P22, and 4.2 before P11. Consequence: potential exposure of the passphrase if an attacker accesses log files....

CVSS 4, AI score 5.8, EPSS 0.01228

added 2015/02/14 3:00 p.m., 49 views

CVE-2015-0518

EMC Documentum D2 (D2FS web service Properties component) is affected by CVE-2015-0518. A flaw in the D2FS Properties service allows a remote authenticated, low-privilege D2 user to modify group permissions and escalate to superuser privileges. Affected products/versions include D2 3.1 through SP...

CVSS 9, AI score 6.3, EPSS 0.03657

added 2015/06/28 7:00 p.m., 49 views

CVE-2015-0549

EMC Documentum D2 is affected by a stored cross-site scripting (XSS) vulnerability (CVE-2015-0549) in versions prior to 4.5. The issue affects D2 components handling user-supplied input, allowing an authenticated remote attacker to inject script/HTML. Public advisories (ESA-2015-109) indicate aff...

CVSS 3.5, AI score 5.3, EPSS 0.01075

added 2014/08/20 10:00 a.m., 47 views

CVE-2014-2515

CVE-2014-2515 affects EMC Documentum D2 and its related components. The issue arises from inadequate access control in the D2GetAdminTicketMethod and D2RefreshCacheMethod, allowing a remote, authenticated user to obtain a superuser ticket and escalate privileges. Affected product versions include...

CVSS 8.5, AI score 6.5, EPSS 0.02449

added 2015/07/04 10:00 a.m., 47 views

CVE-2015-0547

EMC Documentum D2 is affected by CVE-2015-0547 due to DQL injection in the D2CenterstageService.getComments method. The vulnerability affects D2 versions 4.1 and 4.2 prior to 4.2 P16 and 4.5 prior to P03, enabling remote authenticated users to bypass read-access restrictions and potentially discl...

CVSS 4, AI score 6.6, EPSS 0.0144

added 2016/04/07 10:00 a.m., 45 views

CVE-2016-0888

Affected product: EMC Documentum D2 (versions before 4.6). Vulnerability: Insufficient ACLs for D2 configuration objects allow a remote authenticated user to modify (and in at least one source, delete) D2 objects via unspecified vectors. The root cause is failure to enforce secure access control ...

CVSS 9, AI score 8.1, EPSS 0.03107

added 2017/02/03 7:24 a.m., 43 views

CVE-2016-9873

CVE-2016-9873 concerns EMC Documentum D2 4.5 and 4.6, where a DQL (Document Query Language) injection allows an authenticated, low-privilege attacker to execute arbitrary DQL commands, potentially exposing/modifying data or disrupting services. The vulnerability is documented across multiple sour...

CVSS 6.5, AI score 6.5, EPSS 0.01599

added 2014/05/23 10:00 p.m., 42 views

CVE-2014-2504

EMC Documentum D2 is affected by CVE-2014-2504 across multiple releases (3.1 before P20, 3.1SP1 before P02, 4.0 before P10, 4.1 before P13, 4.2 before P01). The issue stems from a flaw in the Documentum Query Language (DQL) engine that enables an authenticated remote user to bypass access restric...

CVSS 9, AI score 7, EPSS 0.02992

added 2017/02/03 7:24 a.m., 41 views

CVE-2016-9872

CVE-2016-9872 affects EMC Documentum D2, specifically versions 4.5 and 4.6, which have reflected Cross-Site Scripting (XSS) vulnerabilities. The issue arises in the handling of user-supplied input, allowing an attacker to potentially compromise the affected system via crafted requests. Public sou...

CVSS 6.1, AI score 6.1, EPSS 0.01337

added 2016/09/17 9:00 p.m., 39 views

CVE-2016-6644

EMC Documentum D2 4.5.x before 4.5 P15 or 4.6.x before 4.6 P03 is affected by an information-disclosure vulnerability due to improper validation of the r_object_id identifier. An unauthenticated remote attacker could read arbitrary Docbase documents by leveraging knowledge of an r_object_id value...

CVSS 5.3, AI score 5.3, EPSS 0.01861