CVE-2013-6174 - OpenCVE

Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Document Sciences Xpression

Configuration 1 [-]

OR	cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-::documentum:::
	cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-::documentum:::
	cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-::documentum:::

Configuration 2 [-]

OR	cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:compuset_engine
	cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:compuset_engine
	cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:compuset_engine

Configuration 3 [-]

OR	cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:publish_engine
	cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:publish_engine
	cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:publish_engine

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html
http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html
http://www.kb.cert.org/vuls/id/346982
http://www.securityfocus.com/bid/63810
http://www.securitytracker.com/id/1029384

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2013-11-21T02:00:00

Updated: 2024-08-06T17:29:43.014Z

Reserved: 2013-10-21T00:00:00

Link: CVE-2013-6174

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-11-21T04:40:59.110

Modified: 2015-07-22T17:52:28.327

Link: CVE-2013-6174

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-19T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-19T17:57:00", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"}, {"name": "1029384", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029384"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"}, {"name": "63810", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/63810"}, {"name": "VU#346982", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/346982"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2013-6174", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"}, {"name": "1029384", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029384"}, {"name": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"}, {"name": "63810", "refsource": "BID", "url": "http://www.securityfocus.com/bid/63810"}, {"name": "VU#346982", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/346982"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:29:43.014Z"}, "title": "CVE Program Container", "references": [{"name": "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"}, {"name": "1029384", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029384"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"}, {"name": "63810", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/63810"}, {"name": "VU#346982", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/346982"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2013-6174", "datePublished": "2013-11-21T02:00:00", "dateReserved": "2013-10-21T00:00:00", "dateUpdated": "2024-08-06T17:29:43.014Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:documentum:*:*:*", "matchCriteriaId": "77E14258-E508-4508-A8D9-1DD1FAF1E409", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:documentum:*:*:*", "matchCriteriaId": "1DE2E916-23D6-4D20-AAFB-FA26EF9B371D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:documentum:*:*:*", "matchCriteriaId": "41C367DF-1FE4-4E56-8A01-E63DFFE44068", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:compuset_engine", "matchCriteriaId": "430FC38B-D983-43D4-AAF3-2D4039D0BE31", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:compuset_engine", "matchCriteriaId": "B9A60542-B868-4F1A-9026-A694A53A223F", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:compuset_engine", "matchCriteriaId": "EF09806D-23FE-4ECF-8689-E94D3D28E8C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:publish_engine", "matchCriteriaId": "17E73BF4-ADFC-4B20-9614-30E67E75F16F", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:publish_engine", "matchCriteriaId": "2BCCDFAE-3909-4FE3-92CB-F07ADC815F54", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:publish_engine", "matchCriteriaId": "C900B51A-4065-4B1F-A107-99FD391B9A4A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en xAdmin en EMC Document Sciences xPression 4.1 SP1 anterior a la versi\u00f3n Patch 47, 4.2 anterior a Patch 26, y 4.5 anterior a la versi\u00f3n Patch 05, tal y como se usa en Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de vectores sin especificar."}], "id": "CVE-2013-6174", "lastModified": "2015-07-22T17:52:28.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-11-21T04:40:59.110", "references": [{"source": "security_alert@emc.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"}, {"source": "security_alert@emc.com", "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"}, {"source": "security_alert@emc.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/346982"}, {"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/bid/63810"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1029384"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}