CVE-2014-2518

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.

Published: Aug 20, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2518
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
emc / documentum_webtop	6.7-sp1	6.7-sp1.x
emc / documentum_administrator	6.7-sp2	6.7-sp2.x
emc / web_publishers	6.5-sp7	6.5-sp7.x
emc / documentum_capital_projects	1.8	1.8.x
emc / documentum_records_manager	6.7-sp1	6.7-sp1.x
emc / documentum_administrator	6.7-sp1	6.7-sp1.x
emc / web_publishers	6.5-sp6	6.5-sp6.x
emc / documentum_wdk	6.7-sp2	6.7-sp2.x
emc / documentum_webtop	6.7-sp2	6.7-sp2.x
emc / documentum_administrator	6.7	6.7.x
emc / documentum_records_manager	6.7	6.7.x
emc / digital_assets_manager	6.5-sp5	6.5-sp5.x
emc / engineering_plant_facilities_management_solution_for_documentum	1.7-sp1	1.7-sp1.x
emc / documentum_administrator	7.1	7.1.x
emc / documentum_wdk	6.7-sp1	6.7-sp1.x
emc / digital_assets_manager	6.5	6.5.x
emc / documentum_capital_projects	1.9	1.9.x
emc / task_space	6.7-sp1	6.7-sp1.x
emc / documentum_webtop	6.7	6.7.x
emc / documentum_records_manager	6.7-sp2	6.7-sp2.x
emc / digital_assets_manager	6.5-sp6	6.5-sp6.x
emc / documentum_administrator	7.0	7.0.x
emc / task_space	6.7-sp2	6.7-sp2.x

Vulnerability Database

CVE-2014-2518

Deep Security Visibility Without the Complexity