CVE-2016-0882

Published: Feb 12, 2016Modified: May 6, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (2)

Products: Emc: Documentum Xcp

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Emc Documentum Xcp	Version 2.1
Emc Documentum Xcp	Version 2.2

References (4)

http://seclists.org/bugtraq/2016/Feb/66

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034993

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://seclists.org/bugtraq/2016/Feb/66

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034993

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.