CVE-2016-0914

MEDIUM

EMC Documentum <7.2-6.8 - Auth Bypass

Title source: llm

Description

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.

References (2)

[Third Party Advisory, VDB Entry] http://seclists.org/bugtraq/2016/Jun/92

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036153

Scores

CVSS v3 6.3

EPSS 0.0016

EPSS Percentile 36.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-284

Status draft

Affected Products (8)

emc/documentum_administrator

emc/documentum_capital_projects

emc/documentum_taskspace

emc/documentum_webtop

Timeline

Published Jun 23, 2016

Tracked Since Feb 18, 2026