← Back

CVE-2014-2504

nvd nist
Published: May 26, 2014Modified: May 6, 2026

JSON object

Loading...
9.0
Vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
Exploitability: 8.0 / Impact: 10.0
Source: NVD

Description

EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.

Affected (5)

Products: Emc: Documentum D2
Emc
1 product
Documentum D2
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Emc
Documentum D2
Version 3.1
Documentum D2
Version 3.1 sp1
Documentum D2
Version 4.0
Documentum D2
Version 4.1
Documentum D2
Version 4.2

Related CWEs

CWE-264
CWE-264

References (6)

Source: security_alert@emc.com
Source: security_alert@emc.com
Source: security_alert@emc.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.