Description
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60563
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69277
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533159/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95365
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030742
Scores
EPSS
0.0020
EPSS Percentile
41.8%
Details
CWE
CWE-352
Status
published
Products (12)
emc/digital_assets_manager
6.5 (3 CPE variants)
emc/documentum_administrator
6.7 (3 CPE variants)
emc/documentum_administrator
7.0
emc/documentum_administrator
7.1
emc/documentum_capital_projects
1.8
emc/documentum_capital_projects
1.9
emc/documentum_records_manager
6.7 (3 CPE variants)
emc/documentum_wdk
6.7 sp1 (2 CPE variants)
emc/documentum_webtop
6.7 (3 CPE variants)
emc/engineering_plant_facilities_management_solution_for_documentum
1.7 sp1
... and 2 more
Published
Aug 20, 2014
Tracked Since
Feb 18, 2026