CVE-2016-9873
MEDIUMEMC Documentum D2 4.5 and 4.6 - Authenticated DQL Injection
Title source: llmDescription
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95828
Third Party Advisory x_refsource_confirm
http://www.securityfocus.com/archive/1/540060/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037733
Scores
CVSS v3
6.3
EPSS
0.0059
EPSS Percentile
69.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-77
Status
published
Products (3)
emc/documentum_d2
4.5
emc/documentum_d2
4.6
n/a/EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6
EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6
Published
Feb 03, 2017
Tracked Since
Feb 18, 2026