Vulnerabilities > EMC > Documentum D2 > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2016-9873 Command Injection vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-77
6.5
2017-02-03 CVE-2016-9872 Cross-site Scripting vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
network
emc CWE-79
4.3
2016-09-17 CVE-2016-6644 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum D2 4.5/4.6
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
network
low complexity
emc CWE-264
5.0
2015-07-04 CVE-2015-0548 Improper Input Validation vulnerability in EMC Documentum D2 4.1/4.2/4.5
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
network
low complexity
emc CWE-20
4.0
2015-07-04 CVE-2015-0547 Improper Input Validation vulnerability in EMC Documentum D2 4.1/4.2/4.5
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.
network
low complexity
emc CWE-20
4.0
2015-02-14 CVE-2015-0517 Information Exposure vulnerability in EMC Documentum D2
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
network
low complexity
emc CWE-200
4.0