CVE-2016-0881

MEDIUM

EMC Documentum xCP <2.1-2.2 - SQL Injection

Title source: llm
STIX 2.1

Description

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034993
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2016/Feb/66

Scores

CVSS v3 6.5
EPSS 0.0028
EPSS Percentile 51.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-74
Status published
Products (2)
emc/documentum_xcp 2.1
emc/documentum_xcp 2.2
Published Feb 12, 2016
Tracked Since Feb 18, 2026