CVE-2016-0881

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.
References
Link Resource
http://seclists.org/bugtraq/2016/Feb/66 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034993 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emc:documentum_xcp:2.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_xcp:2.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-02-12 01:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-0881

Mitre link : CVE-2016-0881

CVE.ORG link : CVE-2016-0881


JSON object : View

Products Affected

emc

  • documentum_xcp
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')