PT-2017-10372 · Emc · Emc Documentum D2

Published

2017-02-03

Updated

2017-07-25

CVE-2016-9873

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions EMC Documentum D2 versions 4.5 through 4.6

Description The issue allows an authenticated low-privileged attacker to potentially exploit it and access information, modify data, or disrupt services by causing execution of arbitrary DQL commands on the application.

Recommendations For EMC Documentum D2 version 4.5, update to a version that fixes the DQL Injection issue. For EMC Documentum D2 version 4.6, update to a version that fixes the DQL Injection issue. As a temporary workaround, consider restricting access to the DQL commands to minimize the risk of exploitation.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2016-9873

Affected Products

Emc Documentum D2

PT-2017-10372 · Emc · Emc Documentum D2

CVE-2016-9873

Weakness Enumeration

Related Identifiers

Affected Products

References · 5