CVE-2016-0914 — MEDIUM (6.3)

Vulnerability Description

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.

CVSS Score

6.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Emc	Documentum Administrator	7.0
Emc	Documentum Capital Projects	1.9
Emc	Documentum Taskspace	6.7
Emc	Documentum Webtop	6.8

Related Weaknesses (CWE)

CWE-284

References

http://seclists.org/bugtraq/2016/Jun/92Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036153Third Party AdvisoryVDB Entry
http://seclists.org/bugtraq/2016/Jun/92Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036153Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-0914?

CVE-2016-0914 is a vulnerability with a CVSS score of 6.3 (MEDIUM). EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Doc...

How severe is CVE-2016-0914?

CVE-2016-0914 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0914?

Check the references section above for vendor advisories and patch information. Affected products include: Emc Documentum Administrator, Emc Documentum Capital Projects, Emc Documentum Taskspace, Emc Documentum Webtop.