CVE-2015-0548
EMC Documentum D2 4.1, 4.2 < P16, 4.5 < P03 - Authenticated DQL Injection via D2DownloadService.getDownloadUrls
Title source: llmDescription
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032769
Mailing List mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2015/Jul/10
Scores
EPSS
0.0016
EPSS Percentile
36.0%
Details
CWE
CWE-20
Status
published
Products (3)
emc/documentum_d2
4.1
emc/documentum_d2
4.2
emc/documentum_d2
4.5
Published
Jul 04, 2015
Tracked Since
Feb 18, 2026