Unrated severityNVD Advisory· Published Aug 20, 2014· Updated Jun 17, 2026
CVE-2014-2520
CVE-2014-2520
Description
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.
Affected products
12cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*range: <=6.7
- (no CPE)range: <6.7 SP2 P16, <7.1 P07
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.