CVE-2013-6177

EPSS 0.41%
Veröffentlicht 21.11.2013 04:40:59
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emc ≫ Document Sciences Xpression Version4.1 Updatesp1 Edition- SwEditionenterprise SwPlatform- HwPlatform-

Emc ≫ Document Sciences Xpression Version4.2 Update- Edition- SwEditionenterprise SwPlatform- HwPlatform-

Emc ≫ Document Sciences Xpression Version4.5 Update- Edition- SwEditionenterprise SwPlatform- HwPlatform-

Emc ≫ Document Sciences Xpression Version4.1 Updatesp1 Edition- SwEditionenterprise SwPlatform- HwPlatform-

Emc ≫ Document Sciences Xpression Version4.2 Update- Edition- SwEditionenterprise SwPlatform- HwPlatform-

Emc ≫ Document Sciences Xpression Version4.5 Update- Edition- SwEditionenterprise SwPlatform- HwPlatform-

Emc ≫ Document Sciences Xpression Version4.1 Updatesp1 Edition- SwEditiondocumentum

Emc ≫ Document Sciences Xpression Version4.2 Update- Edition- SwEditiondocumentum

Emc ≫ Document Sciences Xpression Version4.5 Update- Edition- SwEditiondocumentum

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.581

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html

http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html

http://www.kb.cert.org/vuls/id/346982

US Government Resource

http://www.securitytracker.com/id/1029384

https://nvd.nist.gov/vuln/detail/CVE-2013-6177

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6177

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6177

EUVD