The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:23
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/bugtraq/2015/Jul/10 - | |
References | () http://www.securitytracker.com/id/1032769 - |
Information
Published : 2015-07-04 10:59
Updated : 2024-11-21 02:23
NVD link : CVE-2015-0548
Mitre link : CVE-2015-0548
CVE.ORG link : CVE-2015-0548
JSON object : View
Products Affected
emc
- documentum_d2
CWE
CWE-20
Improper Input Validation