EMC Documentum Content Server CVE-2014-2520 Documentum Query Language Injection Vulnerability
BID:69274
Info
EMC Documentum Content Server CVE-2014-2520 Documentum Query Language Injection Vulnerability
| Bugtraq ID: | 69274 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-2520 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 18 2014 12:00AM |
| Updated: | Dec 16 2014 06:57AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
EMC Documentum Content Server CVE-2014-2520 Documentum Query Language Injection Vulnerability
EMC Documentum Content Server is prone to a DQL-injection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit will allow an attacker to compromise the application, access data, or exploit latent vulnerabilities in the underlying database.
EMC Documentum Content Server is prone to a DQL-injection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit will allow an attacker to compromise the application, access data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
EMC Documentum Content Server CVE-2014-2520 Documentum Query Language Injection Vulnerability
An attacker can exploit this issue using a web browser.
An attacker can exploit this issue using a web browser.
Solution / Fix
EMC Documentum Content Server CVE-2014-2520 Documentum Query Language Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
EMC Documentum Content Server CVE-2014-2520 Documentum Query Language Injection Vulnerability
References:
References:
- EMC Homepage (EMC)