CVE-2016-6644

{"id": "CVE-2016-6644", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2016-09-17T21:59:01.543", "references": [{"url": "http://seclists.org/bugtraq/2016/Sep/18", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/92906", "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1036796", "source": "security_alert@emc.com"}, {"url": "http://seclists.org/bugtraq/2016/Sep/18", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/92906", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1036796", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value."}, {"lang": "es", "value": "EMC Documentum D2 4.5 en versiones anteriores a patch 15 y 4.6 en versiones anteriores a patch 03 permite a atacantes remotos leer documentos Docbase arbitrarios aprovechando el conocimiento de un valor r_object_id."}], "lastModified": "2024-11-21T02:56:32.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_d2:*:p14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32E6A682-6FFE-4E3A-86A0-C3EC5442D0AB", "versionEndIncluding": "4.5"}, {"criteria": "cpe:2.3:a:emc:documentum_d2:*:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A196B4AC-4BCF-4117-B0CD-64323931C8FD", "versionEndIncluding": "4.6"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}