CVE-2015-0548

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*

History

21 Nov 2024, 02:23

Type Values Removed Values Added
References () http://seclists.org/bugtraq/2015/Jul/10 - () http://seclists.org/bugtraq/2015/Jul/10 -
References () http://www.securitytracker.com/id/1032769 - () http://www.securitytracker.com/id/1032769 -

Information

Published : 2015-07-04 10:59

Updated : 2024-11-21 02:23


NVD link : CVE-2015-0548

Mitre link : CVE-2015-0548

CVE.ORG link : CVE-2015-0548


JSON object : View

Products Affected

emc

  • documentum_d2
CWE
CWE-20

Improper Input Validation