CVE-2014-2520

EMC Documentum Content Server < 6.7 SP2 P16 and 7.x < 7.1 P07 - Authenticated DQL Injection via Oracle Database Hints

Title source: llm
STIX 2.1

Description

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030743
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95369
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533162/30/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60571
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69274

Scores

EPSS 0.0042
EPSS Percentile 62.2%

Details

CWE
CWE-264
Status published
Products (7)
emc/documentum_content_server 6.0
emc/documentum_content_server 6.5 (4 CPE variants)
emc/documentum_content_server 6.6
emc/documentum_content_server 6.7 (2 CPE variants)
emc/documentum_content_server 7.0
emc/documentum_content_server 7.1
emc/documentum_content_server < 6.7
Published Aug 20, 2014
Tracked Since Feb 18, 2026