EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.
References
Link | Resource |
---|---|
http://seclists.org/bugtraq/2016/Feb/66 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1034993 | Third Party Advisory VDB Entry |
History
21 Nov 2024, 02:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/bugtraq/2016/Feb/66 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1034993 - Third Party Advisory, VDB Entry | |
Information
Published : 2016-02-12 01:59
Updated : 2024-11-21 02:42
NVD link : CVE-2016-0881
Mitre link : CVE-2016-0881
CVE.ORG link : CVE-2016-0881
Products Affected
emc
- documentum_xcp
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')