CVE-2016-0881

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.
References
Link Resource
http://seclists.org/bugtraq/2016/Feb/66 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034993 Third Party Advisory VDB Entry
http://seclists.org/bugtraq/2016/Feb/66 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034993 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emc:documentum_xcp:2.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_xcp:2.2:*:*:*:*:*:*:*

History

21 Nov 2024, 02:42

Type Values Removed Values Added
References () http://seclists.org/bugtraq/2016/Feb/66 - Third Party Advisory, VDB Entry () http://seclists.org/bugtraq/2016/Feb/66 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1034993 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1034993 - Third Party Advisory, VDB Entry

Information

Published : 2016-02-12 01:59

Updated : 2024-11-21 02:42


NVD link : CVE-2016-0881

Mitre link : CVE-2016-0881

CVE.ORG link : CVE-2016-0881


JSON object : View

Products Affected

emc

  • documentum_xcp
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')