CVE-2015-0548

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
emcdocumentum_d2
4.1
emcdocumentum_d2
4.2
emcdocumentum_d2
4.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/bugtraq/2015/Jul/10
http://www.securitytracker.com/id/1032769
http://seclists.org/bugtraq/2015/Jul/10
http://www.securitytracker.com/id/1032769