CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32264
https://notcve.org/view.php?id=CVE-2023-32264
08 Mar 2024 — CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client's computer. Vulnerabilidad CWE-1385 en OpenText Documentum D2 que afecta a las versiones 16.5.1 a CE 23.2. La vulnerabilidad podría permitir cargar código arbitrario y ejecutarlo en el ordenador del cliente. CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. • https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0799355 • CWE-1385: Missing Origin Validation in WebSockets •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9872 – EMC Documentum D2 4.5 / 4.6 DQL Injection / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-9872
28 Jan 2017 — EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. EMC Documentum D2 versión 4.5 y EMC Documentum D2 versión 4.6 han reflejado vulnerabilidades de XSS que potencialmente podrían ser explotadas por usuarios malintencionados para comprometer el sistema afectado. EMC Documentum versions 4.5 and 4.6 suffer from DQL injection and cross site scripting vulnerabil... • http://www.securityfocus.com/archive/1/540060/30/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9873 – EMC Documentum D2 4.5 / 4.6 DQL Injection / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-9873
28 Jan 2017 — EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application. EMC Documentum D2 versión 4.5 y EMC Documentum D2 versión 4.6 tiene una Vulnerabilidad de Inyección DQL que potencia... • http://www.securityfocus.com/archive/1/540060/30/0/threaded • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6644 – EMC Documentum D2 Authentication Bypass
https://notcve.org/view.php?id=CVE-2016-6644
13 Sep 2016 — EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. EMC Documentum D2 4.5 en versiones anteriores a patch 15 y 4.6 en versiones anteriores a patch 03 permite a atacantes remotos leer documentos Docbase arbitrarios aprovechando el conocimiento de un valor r_object_id. EMC Documentum D2 contains fix for authentication bypass that could potentially be exploited by malicious users to compromise... • http://seclists.org/bugtraq/2016/Sep/18 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-0888 – EMC Documentum D2 4.6 Configuration Object
https://notcve.org/view.php?id=CVE-2016-0888
05 Apr 2016 — EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. EMC Documentum D2 en versiones anteriores a 4.6 carece de ACLs destinadas a objetos de configuración, lo que permite a usuarios remotos autenticados modificar objetos a través de vectores no especificados. EMC Documentum D2 4.6 contains a fix for a D2 Configuration Object vulnerability that could potentially be exploited by malicious users to perform ... • http://seclists.org/bugtraq/2016/Apr/20 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4537 – EMC Documentum D2 Fail Open
https://notcve.org/view.php?id=CVE-2015-4537
22 Aug 2015 — Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive. Vulnerabilidad en Lockbox en EMC Documentum D2 anterior a 4.5, utiliza una frase de acceso embebida cuando a un servidor le falta el fichero D2.Lockbox, lo que hace que sea más fácil para los usuarios remotos autenticados descifrar tickets de administración mediante ... • http://seclists.org/bugtraq/2015/Aug/117 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0547 – EMC Documentum D2 DQL Injection
https://notcve.org/view.php?id=CVE-2015-0547
02 Jul 2015 — The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. El método de servicio D2CenterstageService.getComments en EMC Documentum D2 4.1 y 4.2 anterior a 4.2 P16 y 4.5 anterior a P03 permite a usuarios remotos autenticados realizar ataques de inyección Documentum Query Language (DQL) ... • http://seclists.org/bugtraq/2015/Jul/10 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0548 – EMC Documentum D2 DQL Injection
https://notcve.org/view.php?id=CVE-2015-0548
02 Jul 2015 — The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. El método de servicio D2DownloadService.getDownloadUrls en EMC Documentum D2 4.1 y 4.2 anterior a 4.2 P16 y 4.5 anterior a P03 permite a usuarios remotos autenticados realizar ataques de inyección Documentum Query Language (DQL... • http://seclists.org/bugtraq/2015/Jul/10 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0549 – EMC Documentum D2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-0549
23 Jun 2015 — Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en EMC Documentum D2 anterior a 4.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. EMC Documentum D2 contains a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected sys... • http://seclists.org/bugtraq/2015/Jun/113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-0517 – EMC Documentum D2 Information Disclosure / Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-0517
04 Feb 2015 — The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. El componente D2-API en EMC Documentum D2 3.1 hasta SP1, 4.0 y 4.1 anterior a 4.1 P22, y 4.2 anterior a P11 coloca el hash MD5 una frase de contraseña de cifrado en ficheros de registros, lo que permite a usuarios remotos autenticados obtener informació... • http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •