CVE-2014-2520

EUVD-2014-2556
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
emcdocumentum_content_server
𝑥
≤ 6.7
emcdocumentum_content_server
6.0
emcdocumentum_content_server
6.5
emcdocumentum_content_server
6.5:sp1
emcdocumentum_content_server
6.5:sp2
emcdocumentum_content_server
6.5:sp3
emcdocumentum_content_server
6.6
emcdocumentum_content_server
6.7
emcdocumentum_content_server
6.7:sp1
emcdocumentum_content_server
7.0
emcdocumentum_content_server
7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/60571
http://www.securityfocus.com/archive/1/533162/30/0/threaded
http://www.securityfocus.com/bid/69274
http://www.securitytracker.com/id/1030743
https://exchange.xforce.ibmcloud.com/vulnerabilities/95369
http://secunia.com/advisories/60571
http://www.securityfocus.com/archive/1/533162/30/0/threaded
http://www.securityfocus.com/bid/69274
http://www.securitytracker.com/id/1030743
https://exchange.xforce.ibmcloud.com/vulnerabilities/95369