CVE-2015-0551 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Emc	Documentum Web Publisher Documentum Webtop Documentum Administrator Documentum Taskspace Documentum Digital Asset Manager

Configuration 1 [-]

OR	cpe:2.3:a:emc:documentum_administrator:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_administrator:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_administrator:7.0:::::::*
	cpe:2.3:a:emc:documentum_administrator:7.1:::::::*
	cpe:2.3:a:emc:documentum_administrator:7.2:::::::*
	cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6::::::
	cpe:2.3:a:emc:documentum_taskspace:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_taskspace:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7::::::
	cpe:2.3:a:emc:documentum_webtop:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_webtop:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_webtop:6.8:::::::*

References

Link	Resource
http://seclists.org/bugtraq/2015/Jul/9
http://www.securitytracker.com/id/1032770

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2015-07-04T14:00:00

Updated: 2016-12-23T18:57:01

Reserved: 2014-12-17T00:00:00

Link: CVE-2015-0551

JSON object: View

NVD Information

Status : Modified

Published: 2015-07-04T14:59:00.090

Modified: 2016-12-28T02:59:03.290

Link: CVE-2015-0551

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-23T18:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "1032770", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032770"}, {"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2015/Jul/9"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2015-0551", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1032770", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032770"}, {"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2015/Jul/9"}]}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2015-0551", "datePublished": "2015-07-04T14:00:00", "dateReserved": "2014-12-17T00:00:00", "dateUpdated": "2016-12-23T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*", "matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*", "matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-0551", "lastModified": "2016-12-28T02:59:03.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-07-04T14:59:00.090", "references": [{"source": "security_alert@emc.com", "url": "http://seclists.org/bugtraq/2015/Jul/9"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1032770"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}