CVE-2016-0881

{"id": "CVE-2016-0881", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2016-02-12T01:59:00.113", "references": [{"url": "http://seclists.org/bugtraq/2016/Feb/66", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1034993", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://seclists.org/bugtraq/2016/Feb/66", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1034993", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request."}, {"lang": "es", "value": "EMC Documentum xCP 2.1 en versiones anteriores al patch 23 y 2.2 en versiones anteriores al patch 11 permite a usuarios remotos autenticados llevar a cabo ataques de inyecci\u00f3n Documentum Query Language (DQL) y obtener informaci\u00f3n sensible del repositorio a\u00f1adiendo una consulta a una petici\u00f3n REST."}], "lastModified": "2024-11-21T02:42:33.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_xcp:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66A06679-442C-484B-9522-ADEEFBB78323"}, {"criteria": "cpe:2.3:a:emc:documentum_xcp:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCAC7A92-DDF2-4A90-B3BC-FB3211F8EF67"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}