Unrated severityNVD Advisory· Published Jul 4, 2015· Updated May 6, 2026

CVE-2015-0548

Description

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

Affected products

EMC Corporation/Documentum D23 versions
cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/bugtraq/2015/Jul/10nvd
www.securitytracker.com/id/1032769nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000