ID CVE-2016-0888
Summary EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*
    cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*
  • cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:documentum_d2:4.5:p14:*:*:*:*:*:*
    cpe:2.3:a:emc:documentum_d2:4.5:p14:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 11-01-2017 - 04:12)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
non_vulnerable_configuration via4
    refmap via4
    bugtraq 20160404 ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability
    sectrack 1035459
    vulnerable_product via4
    • cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:emc:documentum_d2:4.5:p14:*:*:*:*:*:*
    Last major update 11-01-2017 - 04:12
    Published 07-04-2016 - 10:59
    Back to Top