Lucene search

K
EmcDocumentum Eroom

7 matches found

CVE
CVE
added 2012/03/15 12:55 a.m.39 views

CVE-2012-0398

EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.

7.5CVSS6.9AI score0.0046EPSS
CVE
CVE
added 2013/11/06 3:55 p.m.39 views

CVE-2013-3286

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.7AI score0.00225EPSS
CVE
CVE
added 2014/07/01 12:55 a.m.39 views

CVE-2014-2512

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00297EPSS
CVE
CVE
added 2017/02/03 7:59 a.m.39 views

CVE-2017-2766

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the ...

9.8CVSS9.3AI score0.00786EPSS
CVE
CVE
added 2011/07/19 8:55 p.m.37 views

CVE-2011-1741

Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.

10CVSS8.1AI score0.24609EPSS
CVE
CVE
added 2012/03/15 12:55 a.m.36 views

CVE-2012-0404

Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00225EPSS
CVE
CVE
added 2011/11/09 11:55 p.m.26 views

CVE-2011-2739

The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.

8.5CVSS7.5AI score0.01574EPSS