6.5

CVE-2016-0914

EPSS 0.16%
Published 23.06.2016 00:59:01
Last modified 12.04.2025 10:46:40
Source security_alert@emc.com
Teams watchlist Login
Open Login

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Emc ≫ Documentum Administrator Version7.0

Emc ≫ Documentum Administrator Version7.1

Emc ≫ Documentum Administrator Version7.2

Emc ≫ Documentum Capital Projects Version1.9

Emc ≫ Documentum Capital Projects Version1.10

Emc ≫ Documentum Taskspace Version6.7 Updatesp3

Emc ≫ Documentum Webtop Version6.8

Emc ≫ Documentum Webtop Version6.8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.374

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.3	2.8	3.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://seclists.org/bugtraq/2016/Jun/92

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1036153

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-0914

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0914

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0914

EUVD