ID CVE-2014-4639
Summary EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.
References
Vulnerable Configurations
  • cpe:2.3:a:emc:documentum_wdk:6.7:sp2:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-08-2017 - 01:35)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bugtraq 20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities
misc http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html
sectrack 1031497
xf documentum-wdk-cve20144639-weak-security(99636)
Last major update 29-08-2017 - 01:35
Published 07-01-2015 - 02:59
Last modified 29-08-2017 - 01:35