CVE-2014-2508

EMC Documentum Content Server <6.7 SP1 P28-7.1 P05 - SQL Injection

Title source: llm

Description

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/67918

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2014-06/0051.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030339

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/532596/100/0/threaded

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/126960/EMC-Documentum-Content-Server-Escalation-Injection.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/58954

Scores

EPSS 0.0058

EPSS Percentile 69.2%

Details

CWE

CWE-20

Status published

Products (7)

emc/documentum_content_server 6.0

emc/documentum_content_server 6.5 (4 CPE variants)

emc/documentum_content_server 6.6

emc/documentum_content_server 6.7 (2 CPE variants)

emc/documentum_content_server 7.0

emc/documentum_content_server 7.1

emc/documentum_content_server < 6.7

Published Jun 08, 2014

Tracked Since Feb 18, 2026