Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-0914

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.

Published

2016-06-23T00:59:01.223

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-284
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application emc documentum_administrator 7.0 Yes
Application emc documentum_administrator 7.1 Yes
Application emc documentum_administrator 7.2 Yes
Application emc documentum_capital_projects 1.9 Yes
Application emc documentum_capital_projects 1.10 Yes
Application emc documentum_taskspace 6.7 Yes
Application emc documentum_webtop 6.8 Yes
Application emc documentum_webtop 6.8.1 Yes
References