5.5
CVE-2016-0882
- EPSS 0.48%
- Published 12.02.2016 01:59:01
- Last modified 12.04.2025 10:46:40
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Data is provided by the National Vulnerability Database (NVD)
Emc ≫ Documentum Xcp Version2.1
Emc ≫ Documentum Xcp Version2.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.642 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:P
|