CVE-2014-2503

UNKNOWN

The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6

Published Jun 6, 2014

Modified 1 years ago

No fix available

Details

The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.

References

WEBhttp://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html WEBhttp://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html WEBhttp://www.securityfocus.com/bid/67868 WEBhttp://www.securitytracker.com/id/1030348 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2014-2503

CVSS Analysis

CVSS v2.0

7.5

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

PartialA:P

7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ecosystems

Timeline

PublishedJun 6, 2014

ModifiedAug 6, 2024