Lucene search

K
EmcDocumentum D24.2

6 matches found

CVE
CVE
added 2015/07/04 10:59 a.m.41 views

CVE-2015-0548

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

4CVSS6.6AI score0.00156EPSS
CVE
CVE
added 2015/02/14 3:59 p.m.38 views

CVE-2015-0518

The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.

9CVSS6.3AI score0.01159EPSS
CVE
CVE
added 2015/02/14 3:59 p.m.37 views

CVE-2015-0517

The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.

4CVSS5.8AI score0.00216EPSS
CVE
CVE
added 2014/08/20 11:17 a.m.35 views

CVE-2014-2515

EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

8.5CVSS6.5AI score0.0102EPSS
CVE
CVE
added 2015/07/04 10:59 a.m.35 views

CVE-2015-0547

The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

4CVSS6.6AI score0.00156EPSS
CVE
CVE
added 2014/05/26 12:25 a.m.31 views

CVE-2014-2504

EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service meth...

9CVSS7AI score0.0033EPSS