EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/current/0130.html - | |
References | () http://secunia.com/advisories/58938 - | |
References | () http://www.securitytracker.com/id/1030282 - |
Information
Published : 2014-05-26 00:25
Updated : 2024-11-21 02:06
NVD link : CVE-2014-2504
Mitre link : CVE-2014-2504
CVE.ORG link : CVE-2014-2504
JSON object : View
Products Affected
emc
- documentum_d2
CWE
CWE-264
Permissions, Privileges, and Access Controls