Vulnerabilities > CVE-2016-0882 - Unspecified vulnerability in EMC Documentum XCP 2.1/2.2

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

emc

NVD

Published: 2016-02-12

Updated: 2017-01-11

Summary

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Documentum XCP 2.1 EMC Documentum XCP 2.2	2

References

http://seclists.org/bugtraq/2016/Feb/66
http://www.securitytracker.com/id/1034993