CVE-2013-6173

EMC Document Sciences xPression 4.1 SP1-4.5 - Cross-Site Request Forgery in xAdmin and xDashboard

Title source: llm

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions in (1) xAdmin or (2) xDashboard.

References (5)

Core 5

Core References

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1029384

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/99985

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/346982

Scores

EPSS 0.0012

EPSS Percentile 30.7%

Details

CWE

CWE-352

Status published

Products (3)

emc/document_sciences_xpression 4.1 sp1 (3 CPE variants)

emc/document_sciences_xpression 4.2 (3 CPE variants)

emc/document_sciences_xpression 4.5 (3 CPE variants)

Published Nov 21, 2013

Tracked Since Feb 18, 2026