Vulnerabilities > EMC > Documentum D2

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2016-9873 Command Injection vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-77
6.5
2017-02-03 CVE-2016-9872 Cross-site Scripting vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
network
emc CWE-79
4.3
2016-09-17 CVE-2016-6644 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
network
low complexity
emc CWE-264
5.0
2016-04-07 CVE-2016-0888 Remote Security Bypass vulnerability in EMC Documentum D2
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
network
low complexity
emc
critical
9.0
2015-08-22 CVE-2015-4537 Information Exposure vulnerability in EMC Documentum D2
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
network
emc CWE-200
3.5
2015-07-04 CVE-2015-0548 Improper Input Validation vulnerability in EMC Documentum D2 4.1/4.2/4.5
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
network
low complexity
emc CWE-20
4.0
2015-07-04 CVE-2015-0547 Improper Input Validation vulnerability in EMC Documentum D2 4.1/4.2/4.5
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
network
low complexity
emc CWE-20
4.0
2015-06-28 CVE-2015-0549 Cross-site Scripting vulnerability in EMC Documentum D2
Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
3.5
2015-02-14 CVE-2015-0518 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.
network
low complexity
emc CWE-264
critical
9.0
2015-02-14 CVE-2015-0517 Information Exposure vulnerability in EMC Documentum D2
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
network
low complexity
emc CWE-200
4.0