CVSS: 8.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-4618
https://notcve.org/view.php?id=CVE-2014-4618
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. EMC Documentum Content Server anterior a 6.7 SP2 P16 y 7.x anterior a 7.1 P07 permite a usuarios remotos autenticados ganar privilegios a través de un objeto de sistema creado por un usuario. • http://secunia.com/advisories/60571 http://www.securityfocus.com/archive/1/533162/30/0/threaded http://www.securityfocus.com/bid/69273 http://www.securitytracker.com/id/1030743 https://exchange.xforce.ibmcloud.com/vulnerabilities/95368 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.3EPSS: 0%CPEs: 11EXPL: 0CVE-2014-2520 – OpenText Documentum Content Server 7.3 SQL Injection
https://notcve.org/view.php?id=CVE-2014-2520
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request. EMC Documentum Content Server anterior a 6.7 SP2 P16 y 7.x anterior a 7.1 P07, cuando Oracle Database está utilizada, no restringe debidamente los hints DQL, lo que permite a usuarios remotos autenticados realizar ataques de inyección DQL y leer contenido sensible de la base de datos a través de una solicitud manipulada. OpenText Documentum Content Server version 7.3 suffers from a remote SQL injection vulnerability due to a previously announced fix being incomplete. • http://secunia.com/advisories/60571 http://www.securityfocus.com/archive/1/533162/30/0/threaded http://www.securityfocus.com/bid/69274 http://www.securitytracker.com/id/1030743 https://exchange.xforce.ibmcloud.com/vulnerabilities/95369 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2515
https://notcve.org/view.php?id=CVE-2014-2515
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket. EMC Documentum D2 3.1 anterior a P24, 3.1SP1 anterior a P02, 4.0 anterior a P11, 4.1 anterior a P16, y 4.2 anterior a P05 no restringe debidamente los tickets proporcionados por D2GetAdminTicketMethod y D2RefreshCacheMethod, lo que permite a usuarios remotos autenticados ganar privilegios a través de una solicitud para un ticket de superusuario. • http://secunia.com/advisories/60565 http://www.securityfocus.com/archive/1/533161/30/0/threaded http://www.securityfocus.com/bid/69275 http://www.securitytracker.com/id/1030740 https://exchange.xforce.ibmcloud.com/vulnerabilities/95367 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2014-2511
https://notcve.org/view.php?id=CVE-2014-2511
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter. Múltiples vulnerabilidades de XSS en EMC Documentum WebTop anterior a 6.7 SP1 P28 y 6.7 SP2 anterior a P14 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) startat o (2) entryId. • http://secunia.com/advisories/60561 http://www.securityfocus.com/archive/1/533160/30/0/threaded http://www.securityfocus.com/bid/69272 http://www.securitytracker.com/id/1030741 https://exchange.xforce.ibmcloud.com/vulnerabilities/95366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 0CVE-2014-2518
https://notcve.org/view.php?id=CVE-2014-2518
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. Múltiples vulnerabilidades de CSRF en EMC Documentum WDK anterior a 6.7SP1 P28 y 6.7SP2 anterior a P15 permiten a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://secunia.com/advisories/60563 http://www.securityfocus.com/archive/1/533159/30/0/threaded http://www.securityfocus.com/bid/69277 http://www.securitytracker.com/id/1030742 https://exchange.xforce.ibmcloud.com/vulnerabilities/95365 • CWE-352: Cross-Site Request Forgery (CSRF) •