CVE-2014-2520

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.

Published: Aug 20, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2520
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.3
AV:N/AC:M/Au:S/C:C/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
emc / documentum_content_server	6.7	6.7.x
emc / documentum_content_server	7.0	7.0.x
emc / documentum_content_server	6.0	6.0.x
emc / documentum_content_server	6.5-sp2	6.5-sp2.x
emc / documentum_content_server	6.5	6.5.x
emc / documentum_content_server	6.6	6.6.x
emc / documentum_content_server	6.5-sp1	6.5-sp1.x
emc / documentum_content_server	7.1	7.1.x
emc / documentum_content_server	-	6.7.x
emc / documentum_content_server	6.5-sp3	6.5-sp3.x
emc / documentum_content_server	6.7-sp1	6.7-sp1.x

http://secunia.com/advisories/60571
http://www.securityfocus.com/archive/1/533162/30/0/threaded
http://www.securityfocus.com/bid/69274
http://www.securitytracker.com/id/1030743
https://exchange.xforce.ibmcloud.com/vulnerabilities/95369

Vulnerability Database

289,784

CVE-2014-2520