CVE-2014-2503

The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.

Published: Jun 6, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2503
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
emc / documentum_digital_asset_manager	6.5-sp4	6.5-sp4.x
emc / documentum_digital_asset_manager	6.5-sp3	6.5-sp3.x
emc / documentum_digital_asset_manager	6.5-sp5	6.5-sp5.x
emc / documentum_digital_asset_manager	6.5-sp6	6.5-sp6.x

http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html
http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html
http://www.securityfocus.com/bid/67868
http://www.securitytracker.com/id/1030348

Vulnerability Database

290,020

CVE-2014-2503