CVE-2016-9873

Name of the Vulnerable Software and Affected Versions EMC Documentum D2 versions 4.5 through 4.6

Description The issue allows an authenticated low-privileged attacker to potentially exploit it and access information, modify data, or disrupt services by causing execution of arbitrary DQL commands on the application.

Recommendations For EMC Documentum D2 version 4.5, update to a version that fixes the DQL Injection issue. For EMC Documentum D2 version 4.6, update to a version that fixes the DQL Injection issue. As a temporary workaround, consider restricting access to the DQL commands to minimize the risk of exploitation.