12 matches found
CVE-2015-4537
EMC Documentum D2 vulnerability CVE-2015-4537 affects the Lockbox component. If the server lacks the D2.Lockbox file, D2 uses a hardcoded passphrase to encrypt admin tickets, enabling an attacker who can decompile D2 JARs to recover the passphrase and decrypt tickets. Affected products include EM...
CVE-2015-0548
EMC Documentum D2 contains DQL injection vulnerabilities in D2DownloadService.getDownloadUrls (affecting D2 4.1/4.2 before 4.2 P16 and 4.5 before P03). A remote authenticated attacker can bypass read-access restrictions and disclose database data. Related advisory ESA-2015-108 and vendor/NVD entr...
CVE-2015-0517
EMC Documentum D2 vulnerability CVE-2015-0517: D2-API logs the MD5 hash of the passphrase used to encrypt credentials. Affected: EMC Documentum D2 3.1 (SP1), 4.0, 4.1 before 4.1 P22, and 4.2 before P11. Consequence: potential exposure of the passphrase if an attacker accesses log files....
CVE-2015-0518
EMC Documentum D2 (D2FS web service Properties component) is affected by CVE-2015-0518. A flaw in the D2FS Properties service allows a remote authenticated, low-privilege D2 user to modify group permissions and escalate to superuser privileges. Affected products/versions include D2 3.1 through SP...
CVE-2015-0549
EMC Documentum D2 is affected by a stored cross-site scripting (XSS) vulnerability (CVE-2015-0549) in versions prior to 4.5. The issue affects D2 components handling user-supplied input, allowing an authenticated remote attacker to inject script/HTML. Public advisories (ESA-2015-109) indicate aff...
CVE-2014-2515
CVE-2014-2515 affects EMC Documentum D2 and its related components. The issue arises from inadequate access control in the D2GetAdminTicketMethod and D2RefreshCacheMethod, allowing a remote, authenticated user to obtain a superuser ticket and escalate privileges. Affected product versions include...
CVE-2015-0547
EMC Documentum D2 is affected by CVE-2015-0547 due to DQL injection in the D2CenterstageService.getComments method. The vulnerability affects D2 versions 4.1 and 4.2 prior to 4.2 P16 and 4.5 prior to P03, enabling remote authenticated users to bypass read-access restrictions and potentially discl...
CVE-2016-0888
Affected product: EMC Documentum D2 (versions before 4.6). Vulnerability: Insufficient ACLs for D2 configuration objects allow a remote authenticated user to modify (and in at least one source, delete) D2 objects via unspecified vectors. The root cause is failure to enforce secure access control ...
CVE-2016-9873
CVE-2016-9873 concerns EMC Documentum D2 4.5 and 4.6, where a DQL (Document Query Language) injection allows an authenticated, low-privilege attacker to execute arbitrary DQL commands, potentially exposing/modifying data or disrupting services. The vulnerability is documented across multiple sour...
CVE-2014-2504
EMC Documentum D2 is affected by CVE-2014-2504 across multiple releases (3.1 before P20, 3.1SP1 before P02, 4.0 before P10, 4.1 before P13, 4.2 before P01). The issue stems from a flaw in the Documentum Query Language (DQL) engine that enables an authenticated remote user to bypass access restric...
CVE-2016-9872
CVE-2016-9872 affects EMC Documentum D2, specifically versions 4.5 and 4.6, which have reflected Cross-Site Scripting (XSS) vulnerabilities. The issue arises in the handling of user-supplied input, allowing an attacker to potentially compromise the affected system via crafted requests. Public sou...
CVE-2016-6644
EMC Documentum D2 4.5.x before 4.5 P15 or 4.6.x before 4.6 P03 is affected by an information-disclosure vulnerability due to improper validation of the r_object_id identifier. An unauthenticated remote attacker could read arbitrary Docbase documents by leveraging knowledge of an r_object_id value...