CVE-2016-0881

Published: Feb 12, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.

Affected (2)

Products: Emc: Documentum Xcp

Emc

1 product

Documentum Xcp

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Emc Documentum Xcp	Version 2.1
Emc Documentum Xcp	Version 2.2

Related CWEs

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (4)

http://seclists.org/bugtraq/2016/Feb/66

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034993

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://seclists.org/bugtraq/2016/Feb/66

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034993

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.