CVE-2016-8213
https://notcve.org/view.php?id=CVE-2016-8213
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC Documentum WebTop Version 6.8 antes de P18 y Version 6.8.1 antes de P06 y EMC Documentum TaskSpace versión 6.7SP3 antes de P02 y EMC Documentum Capital Projects Version 1.9 antes de P30 y versión 1.10 antes de P17 y EMC Documentum Administrator versión 7.0, versión 7.1 y versión 7.2 antes de P18 contiene una vulnerabilidad Stored Cross-Site Scripting que podría ser potencialmente explotable por usuarios maliciosos para comprometer el sistema afectado. • http://www.securityfocus.com/archive/1/540019/30/0/threaded http://www.securityfocus.com/bid/95625 http://www.securitytracker.com/id/1037626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-0914
https://notcve.org/view.php?id=CVE-2016-0914
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. EMC Documentum WebTop 6.8 en versiones anteriores a Patch 13 y 6.8.1 en versiones anteriores a Patch 02, Documentum Administrator 7.x en versiones anteriores a 7.2 Patch 13, Documentum Capital Projects 1.9 en versiones anteriores a Patch 23 y 1.10 en versiones anteriores a Patch 10 y Documentum TaskSpace 6.7 SP3 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y ejecutar comandos IAPI/IDQL arbitrarios a través de la interfaz IAPI/IDQL. • http://seclists.org/bugtraq/2016/Jun/92 http://www.securitytracker.com/id/1036153 • CWE-284: Improper Access Control •
CVE-2015-4530
https://notcve.org/view.php?id=CVE-2015-4530
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518. Vulnerabilidad de CSRF en EMC Documentum WebTop en versiones anteriores a 6.8P01, Documentum Administrator hasta la versión 7.2, Documentum Digital Assets Manager hasta la versión 6.5SP6, Documentum Web Publishers hasta la versión 6.5SP7 y Documentum Task Space hasta la versión 6.7SP2, permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. NOTA: esta vulnerabilidad existe debido a una solución incompleta de la vulnerabilidad CVE-2014-2518. • http://seclists.org/bugtraq/2015/Aug/87 http://www.securityfocus.com/bid/76405 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-4529
https://notcve.org/view.php?id=CVE-2015-4529
Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Vulnerabilidad de redirección abierta en EMC Documentum WebTop anterior a 6.8P02, Documentum Administrator anterior a 7.2P01, Documentum Digital Assets Manager hasta 6.5SP6, Documentum Web Publishers hasta 6.5SP7 y Documentum Task Space hasta 6.7SP2, permite a atacantes remotos redirigir a usuarios hacia páginas web arbitrarias y llevar a cabo ataques de phishing por medio de una URL manipulada. • http://seclists.org/bugtraq/2015/Jul/81 http://www.securityfocus.com/bid/75930 http://www.securitytracker.com/id/1032965 •
CVE-2015-4524
https://notcve.org/view.php?id=CVE-2015-4524
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. Vulnerabilidad de la subida de ficheros sin restricciones en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permite a usuarios remotos autenticados ejecutar código arbitrario mediante la subida de un fichero al backend Content Server. • http://seclists.org/bugtraq/2015/Jul/9 http://www.securitytracker.com/id/1032770 • CWE-434: Unrestricted Upload of File with Dangerous Type •