CVE-2014-4636

EPSS 0.14%
Published 07.01.2015 02:59:17
Last modified 12.04.2025 10:46:40
Source security_alert@emc.com
Teams watchlist Login
Open Login

Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Emc ≫ Documentum Wdk Updatesp2 Version <= 6.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.305

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html

http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html

http://www.securitytracker.com/id/1031497

https://nvd.nist.gov/vuln/detail/CVE-2014-4636

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-4636

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-4636

EUVD