Vulnerabilities (CVE)

Filtered by vendor Emc Subscribe
Filtered by product Documentum Taskspace
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8213 1 Emc 4 Documentum Administrator, Documentum Capital Projects, Documentum Taskspace and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2016-0914 1 Emc 4 Documentum Administrator, Documentum Capital Projects, Documentum Taskspace and 1 more 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.
CVE-2015-4530 1 Emc 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
CVE-2015-4529 1 Emc 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more 2024-11-21 5.8 MEDIUM N/A
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
CVE-2015-4524 1 Emc 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more 2024-11-21 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
CVE-2015-0551 1 Emc 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more 2024-11-21 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0630 1 Emc 1 Documentum Taskspace 2024-11-21 4.0 MEDIUM N/A
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.
CVE-2014-0629 1 Emc 1 Documentum Taskspace 2024-11-21 8.5 HIGH N/A
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.
CVE-2013-3281 1 Emc 7 Documentum Administrator, Documentum Capital Projects, Documentum Digital Asset Manager and 4 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
CVE-2013-0939 1 Emc 4 Documentum Records Manager, Documentum Taskspace, Documentum Wdk and 1 more 2024-11-21 5.8 MEDIUM N/A
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.
CVE-2013-0938 1 Emc 4 Documentum Records Manager, Documentum Taskspace, Documentum Wdk and 1 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0937 1 Emc 4 Documentum Records Manager, Documentum Taskspace, Documentum Wdk and 1 more 2024-11-21 5.8 MEDIUM N/A
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.