7 matches found
CVE-2014-2512
EMC Documentum eRoom contains multiple cross-site scripting (XSS) vulnerabilities (CVE-2014-2512) in versions 7.4.3, 7.4.4 before P19, and 7.4.4 SP1. The issue affects authenticated users and allows injection of arbitrary HTML/script via unspecified vectors. Fixed versions/mitigations per SEC Con...
CVE-2013-3286
EMC Documentum eRoom is affected by multiple cross‑site scripting (XSS) vulnerabilities prior to version 7.4.4 P11. Exploitation vector involves crafting a URL that triggers script/HTML execution in an authenticated user context. Affected products include EMC Documentum eRoom versions 7.4.4 P10 a...
CVE-2017-2766
CVE-2017-2766 affects EMC Documentum eRoom: vulnerable in versions 7.4.4, 7.4.4 SP1, and prior to 7.4.5 P04 or 7.5.0 P01 due to an unverified password change vulnerability. This could allow a malicious user to compromise the affected system. According to the sources, the issue manifests in the pa...
CVE-2011-1741
CVE-2011-1741 affects EMC Documentum eRoom’s Indexing Server via the bundled HummingBird Client Connector (ftserver.exe). A stack-based buffer overflow occurs when parsing a crafted TCP packet, which could allow a remote, unauthenticated attacker to execute arbitrary code on the server. Affected...
CVE-2012-0398
CVE-2012-0398 affects EMC Documentum eRoom prior to 7.4.4. The flaw involves improper validation of session cookies, enabling remote attackers to hijack or replay user sessions via unspecified vectors. EMC’s advisory/esg127683 recommends upgrading to eRoom 7.4.4 to remediate. Other connected sour...
CVE-2012-0404
EMC Documentum eRoom is affected by CVE-2012-0404, a DOM-based cross-site scripting vulnerability in versions prior to 7.4.4. The issue enables an attacker to inject arbitrary web script or HTML via unspecified vectors. EMC’s advisory ESA-2012-012 confirms upgrade to eRoom 7.4.4 as a remedy. No e...
CVE-2011-2739
EMC Documentum eRoom contains a flaw in its file-blocking feature that allows bypassing site-wide controls. In EMC Documentum eRoom 7.3.x and 7.4.x prior to 7.4.3.g, the validation for blocked file types is insufficient, enabling remote authenticated users to upload and open arbitrary files and p...