Documentum D2@* Security Vulnerabilities and Issues — Documentum D2@* CVE List

Lucene search

EmcDocumentum D2*

4 matches found

CVE•added 2015/08/22 6:59 p.m.•48 views

CVE-2015-4537

Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.

3.5CVSS6.4AI score0.00176EPSS

CVE•added 2015/06/28 7:59 p.m.•40 views

CVE-2015-0549

Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00159EPSS

CVE•added 2016/04/07 10:59 a.m.•34 views

CVE-2016-0888

EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.

9CVSS8.1AI score0.01391EPSS

CVE•added 2016/09/17 9:59 p.m.•29 views

CVE-2016-6644

EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.

5.3CVSS5.3AI score0.00492EPSS