CVE-2014-2503

EUVD-2014-2539
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
emcdocumentum_digital_asset_manager
6.5:sp3
emcdocumentum_digital_asset_manager
6.5:sp4
emcdocumentum_digital_asset_manager
6.5:sp5
emcdocumentum_digital_asset_manager
6.5:sp6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html
http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html
http://www.securityfocus.com/bid/67868
http://www.securitytracker.com/id/1030348
http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html
http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html
http://www.securityfocus.com/bid/67868
http://www.securitytracker.com/id/1030348