Vulnerability Description
EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Documentum D2 | 3.1 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/current/0130.html
- http://secunia.com/advisories/58938
- http://www.securitytracker.com/id/1030282
- http://archives.neohapsis.com/archives/bugtraq/current/0130.html
- http://secunia.com/advisories/58938
- http://www.securitytracker.com/id/1030282
FAQ
What is CVE-2014-2504?
CVE-2014-2504 is a vulnerability with a CVSS score of 9.0 (HIGH). EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary ...
How severe is CVE-2014-2504?
CVE-2014-2504 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2504?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Documentum D2.