CVE-2016-9873

MEDIUM

EMC Documentum D2 - Command Injection

Title source: rule

Description

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.

References (3)

[Third Party Advisory] http://www.securityfocus.com/archive/1/540060/30/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95828

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037733

Scores

CVSS v3 6.3

EPSS 0.0059

EPSS Percentile 68.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-77

Status published

Affected Products (3)

emc/documentum_d2

n/a/EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 < EMC Documentum D2 EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6

Timeline

Published Feb 03, 2017

Tracked Since Feb 18, 2026