CVE Vulnerabilities

CVE-2014-2520

Published: Aug 20, 2014 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.3 MEDIUM
AV:N/AC:M/Au:S/C:C/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.

Affected Software

Name Vendor Start Version End Version
Documentum_content_server Emc * 6.7 (including)
Documentum_content_server Emc 6.0 (including) 6.0 (including)
Documentum_content_server Emc 6.5 (including) 6.5 (including)
Documentum_content_server Emc 6.5-sp1 (including) 6.5-sp1 (including)
Documentum_content_server Emc 6.5-sp2 (including) 6.5-sp2 (including)
Documentum_content_server Emc 6.5-sp3 (including) 6.5-sp3 (including)
Documentum_content_server Emc 6.6 (including) 6.6 (including)
Documentum_content_server Emc 6.7 (including) 6.7 (including)
Documentum_content_server Emc 6.7-sp1 (including) 6.7-sp1 (including)
Documentum_content_server Emc 7.0 (including) 7.0 (including)
Documentum_content_server Emc 7.1 (including) 7.1 (including)

References