CVE-2014-2520

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:N/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
emcdocumentum_content_server
𝑥
≤ 6.7
emcdocumentum_content_server
6.0
emcdocumentum_content_server
6.5
emcdocumentum_content_server
6.5:sp1
emcdocumentum_content_server
6.5:sp2
emcdocumentum_content_server
6.5:sp3
emcdocumentum_content_server
6.6
emcdocumentum_content_server
6.7
emcdocumentum_content_server
6.7:sp1
emcdocumentum_content_server
7.0
emcdocumentum_content_server
7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/60571
http://www.securityfocus.com/archive/1/533162/30/0/threaded
http://www.securityfocus.com/bid/69274
http://www.securitytracker.com/id/1030743
https://exchange.xforce.ibmcloud.com/vulnerabilities/95369
http://secunia.com/advisories/60571
http://www.securityfocus.com/archive/1/533162/30/0/threaded
http://www.securityfocus.com/bid/69274
http://www.securitytracker.com/id/1030743
https://exchange.xforce.ibmcloud.com/vulnerabilities/95369