7.5
CVE-2014-2503
- EPSS 0.35%
- Veröffentlicht 06.06.2014 00:55:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Emc ≫ Documentum Digital Asset Manager Version6.5 Updatesp3
Emc ≫ Documentum Digital Asset Manager Version6.5 Updatesp4
Emc ≫ Documentum Digital Asset Manager Version6.5 Updatesp5
Emc ≫ Documentum Digital Asset Manager Version6.5 Updatesp6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.543 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.