VYPR
Unrated severityNVD Advisory· Published Aug 20, 2014· Updated Jun 17, 2026

CVE-2014-2520

CVE-2014-2520

Description

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.

Affected products

12
  • cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:emc:documentum_content_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:6.5:sp1:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:6.5:sp2:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:6.5:sp3:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:6.7:-:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:6.7:sp1:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_content_server:*:sp2:*:*:*:*:*:*range: <=6.7
    • (no CPE)range: <6.7 SP2 P16, <7.1 P07

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.