CVE-2015-0548

Published: Jul 4, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

Affected (3)

Products: Emc: Documentum D2

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Emc Documentum D2	Version 4.1
Emc Documentum D2	Version 4.2
Emc Documentum D2	Version 4.5

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://seclists.org/bugtraq/2015/Jul/10

Source: security_alert@emc.com

http://www.securitytracker.com/id/1032769

Source: security_alert@emc.com

http://seclists.org/bugtraq/2015/Jul/10

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032769

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.