Vulnerabilities > EMC > Documentum Eroom

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2017-2766 Weak Password Recovery Mechanism for Forgotten Password vulnerability in EMC Documentum Eroom 7.4.4/7.4.5/7.5.0
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-640
7.5
7.5
2014-07-01 CVE-2014-2512 Cross-Site Scripting vulnerability in EMC Documentum Eroom 7.4.3/7.4.4
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
3.5
3.5
2013-11-06 CVE-2013-3286 Cross-Site Scripting vulnerability in EMC Documentum Eroom
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
emc CWE-79
4.3
4.3
2012-03-15 CVE-2012-0404 Cross-Site Scripting vulnerability in EMC Documentum Eroom
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
4.3
2012-03-15 CVE-2012-0398 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Eroom
EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.
network
low complexity
emc CWE-264
7.5
7.5
2011-11-09 CVE-2011-2739 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Eroom
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.
network
emc CWE-264
8.5
8.5
2011-07-19 CVE-2011-1741 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Documentum Eroom 7.4.1/7.4.2/7.4.3
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
network
low complexity
emc CWE-119
critical
 10.0
10