CVE-2016-0881

MEDIUM

EMC Documentum xCP <2.1-2.2 - SQL Injection

Title source: llm

Description

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.

References (2)

[Third Party Advisory, VDB Entry] http://seclists.org/bugtraq/2016/Feb/66

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034993

Scores

CVSS v3 6.5

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-74

Status draft

Affected Products (2)

emc/documentum_xcp

Timeline

Published Feb 12, 2016

Tracked Since Feb 18, 2026