Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-2520

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.

Published

2014-08-20T11:17:13.953

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

6.8

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application emc documentum_content_server ≤ 6.7 Yes
Application emc documentum_content_server 6.0 Yes
Application emc documentum_content_server 6.5 Yes
Application emc documentum_content_server 6.5 Yes
Application emc documentum_content_server 6.5 Yes
Application emc documentum_content_server 6.5 Yes
Application emc documentum_content_server 6.6 Yes
Application emc documentum_content_server 6.7 Yes
Application emc documentum_content_server 6.7 Yes
Application emc documentum_content_server 7.0 Yes
Application emc documentum_content_server 7.1 Yes
References