CVE-2014-0630

CVE-2014-0630 affects EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11. The issue allows remote authenticated users to retrieve arbitrary files by modifying the imaging-service URL used to stream content, indicating a failure in input/url validation within the imaging servic...

CVE-2013-0937

CVE-2013-0937 is a session-fixation vulnerability affecting EMC Documentum Webtop, WDK, Taskspace, and Records Manager up to version 6.7 SP2. The entry describes that remote attackers could hijack an authenticated session via unspecified vectors. Affected components include Webtop, WDK, Taskspace...

CVE-2013-3281

The CVE-2013-3281 entry describes a cross-site scripting (XSS) vulnerability in EMC Documentum products (Webtop, WDK, Taskspace, Records Manager, Web Publisher, Digital Asset Manager, Administrator, Capital Projects) prior to the stated SP versions. The flaw allows remote attackers to inject arbi...

CVE-2013-0938

CVE-2013-0938 describes a cross-site scripting (XSS) vulnerability in EMC Documentum products prior to 6.7 SP2. Affected components include Webtop, WDK, Taskspace, and Records Manager before 6.7 SP2. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,...

CVE-2016-8213

CVE-2016-8213 affects EMC Documentum products: WebTop 6.8 (before P18) and 6.8.1 (before P06); TaskSpace 6.7SP3 (before P02); Capital Projects 1.9 (before P30) and 1.10 (before P17); and Administrator 7.0, 7.1, and 7.2 (before P18). The vulnerability is a Stored Cross-Site Scripting (XSS) issue t...

CVE-2013-0939

EMC Documentum CVE-2013-0939 affects Webtop, WDK, Taskspace, and Records Manager prior to 6.7 SP2. The issue is a Cross Frame Scripting vulnerability allowing remote attackers to obtain sensitive information via cross-origin frame navigation. Affected products include Webtop, WDK, Taskspace, and ...

CVE-2015-4529

This CVE (CVE-2015-4529) covers an open redirect vulnerability in EMC Documentum client/server components, including WebTop (before 6.8P02), Administrator (before 7.2P01), Digital Assets Manager (through 6.5SP6), Web Publishers (through 6.5SP7), and Task Space (through 6.7SP2). The underlying iss...

CVE-2015-0551

EMC Documentum WebTop and client products contain multiple cross-site scripting (XSS) vulnerabilities (CVE-2015-0551) allowing remote authenticated users to inject arbitrary HTML/script via unspecified vectors. Affected products include WebTop 6.7SP1/6.7SP2/6.8 and client components: Documentum A...

CVE-2014-0629

EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 are affected by CVE-2014-0629 due to an incorrect group-addition implementation between the dm_world group and the dm_superusers_dynamic group. This can allow remote authenticated users to obtain sensitive information and gain...

CVE-2015-4530

EMC Documentum CSRF vulnerability CVE-2015-4530 affects WebTop and related components (WebTop, WebTop-based clients; Administrator up to 7.2; DAM 6.5SP6; Web Publishers 6.5SP7; Task Space 6.7SP2). Root cause: incomplete fix for CVE-2014-2518. Impact: attackers can hijack user sessions, performing...

CVE-2016-0914

EMC Documentum WebTop and related components are affected by CVE-2016-0914. The vulnerability allows remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. Affected products/versions and patches (as described): WebTo...

CVE-2015-4524

CVE-2015-4524: Unrestricted file upload in EMC Documentum WebTop family enables remote authenticated users to upload arbitrary files to the backend Content Server, potentially executing code. Affected products and versions include WebTop 6.7SP1 before P31, 6.7SP2 before P23, 6.8 before P01; Docum...