cnvd-2017-00983
Vulnerability from cnvd

Title: 多款EMC产品HTML注入漏洞

Description:

EMC Documentum WebTop等都是美国易安信(EMC)公司的产品。EMC Documentum WebTop是一套允许用户在标准浏览器应用中访问Documentum存储库和内容管理服务的产品。Documentum Administrator是一套基于Web用来执行Documentum系统管理任务的开发工具。

多款EMC产品存在HTML注入漏洞。由于程序未能充分验证用户输入。攻击者可利用特制的HTML或JavaScript代码在受影响的网站中运行,窃取基于cookie的认证证书,控制网站呈现给用户的内容。

Severity:

Patch Name: 多款EMC产品HTML注入漏洞的补丁

Patch Description:

EMC Documentum WebTop等都是美国易安信(EMC)公司的产品。EMC Documentum WebTop是一套允许用户在标准浏览器应用中访问Documentum存储库和内容管理服务的产品。Documentum Administrator是一套基于Web用来执行Documentum系统管理任务的开发工具。

多款EMC产品存在HTML注入漏洞。由于程序未能充分验证用户输入。攻击者可利用特制的HTML或JavaScript代码在受影响的网站中运行,窃取基于cookie的认证证书,控制网站呈现给用户的内容。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

用户可联系供应商获得补丁信息: https://www.emc.com/zh-cn/index.htm

Reference: http://www.securityfocus.com/bid/95625 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8213

Impacted products
Name
['EMC Documentum Administrator 7.2', 'EMC Documentum Administrator 7.0', 'EMC Documentum Administrator 7.1', 'EMC Documentum Capital Projects 1.9', 'EMC Documentum Capital Projects 1.10', 'EMC Documentum Taskspace 6.7 SP3', 'EMC Documentum Webtop 6.8.1', 'EMC Documentum Webtop 6.8']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "95625"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8213",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8213"
    }
  },
  "description": "EMC Documentum WebTop\u7b49\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC Documentum WebTop\u662f\u4e00\u5957\u5141\u8bb8\u7528\u6237\u5728\u6807\u51c6\u6d4f\u89c8\u5668\u5e94\u7528\u4e2d\u8bbf\u95eeDocumentum\u5b58\u50a8\u5e93\u548c\u5185\u5bb9\u7ba1\u7406\u670d\u52a1\u7684\u4ea7\u54c1\u3002Documentum Administrator\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7528\u6765\u6267\u884cDocumentum\u7cfb\u7edf\u7ba1\u7406\u4efb\u52a1\u7684\u5f00\u53d1\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684HTML\u6216JavaScript\u4ee3\u7801\u5728\u53d7\u5f71\u54cd\u7684\u7f51\u7ad9\u4e2d\u8fd0\u884c\uff0c\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8ba4\u8bc1\u8bc1\u4e66\uff0c\u63a7\u5236\u7f51\u7ad9\u5448\u73b0\u7ed9\u7528\u6237\u7684\u5185\u5bb9\u3002",
  "discovererName": "EMC",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.emc.com/zh-cn/index.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00983",
  "openTime": "2017-02-06",
  "patchDescription": "EMC Documentum WebTop\u7b49\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC Documentum WebTop\u662f\u4e00\u5957\u5141\u8bb8\u7528\u6237\u5728\u6807\u51c6\u6d4f\u89c8\u5668\u5e94\u7528\u4e2d\u8bbf\u95eeDocumentum\u5b58\u50a8\u5e93\u548c\u5185\u5bb9\u7ba1\u7406\u670d\u52a1\u7684\u4ea7\u54c1\u3002Documentum Administrator\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7528\u6765\u6267\u884cDocumentum\u7cfb\u7edf\u7ba1\u7406\u4efb\u52a1\u7684\u5f00\u53d1\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684HTML\u6216JavaScript\u4ee3\u7801\u5728\u53d7\u5f71\u54cd\u7684\u7f51\u7ad9\u4e2d\u8fd0\u884c\uff0c\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8ba4\u8bc1\u8bc1\u4e66\uff0c\u63a7\u5236\u7f51\u7ad9\u5448\u73b0\u7ed9\u7528\u6237\u7684\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eEMC\u4ea7\u54c1HTML\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC Documentum Administrator 7.2",
      "EMC Documentum Administrator 7.0",
      "EMC Documentum Administrator 7.1",
      "EMC Documentum Capital Projects 1.9",
      "EMC Documentum Capital Projects 1.10",
      "EMC Documentum Taskspace 6.7 SP3",
      "EMC Documentum Webtop 6.8.1",
      "EMC Documentum Webtop  6.8"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95625\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8213",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-20",
  "title": "\u591a\u6b3eEMC\u4ea7\u54c1HTML\u6ce8\u5165\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.