CVE-2014-2520

Description

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• http://secunia.com/advisories/60571
• http://www.securityfocus.com/archive/1/533162/30/0/threaded
• http://www.securityfocus.com/bid/69274
• http://www.securitytracker.com/id/1030743
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95369
• http://secunia.com/advisories/60571
• http://www.securityfocus.com/archive/1/533162/30/0/threaded
• http://www.securityfocus.com/bid/69274
• http://www.securitytracker.com/id/1030743
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95369

CWEs

CWE-264

💬 Discuss CVE-2014-2520 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.