Описание
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:emc:documentum_xcp:2.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_xcp:2.2:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00282
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.
EPSS
Процентиль: 51%
0.00282
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-74