CVE-2014-2503

EMC Documentum DAM 6.5 - SQL Injection

Title source: llm

Description

The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030348

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67868

Scores

EPSS 0.0035

EPSS Percentile 57.0%

Classification

CWE

CWE-20

Status draft

Affected Products (4)

emc/documentum_digital_asset_manager

Timeline

Published Jun 06, 2014

Tracked Since Feb 18, 2026