CVE-2013-6177 - Vulnerability Details

Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00406.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Document Sciences Xpression

Configuration 1 [-]

OR	cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:compuset_engine
	cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:compuset_engine
	cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:compuset_engine

Configuration 2 [-]

OR	cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:publish_engine
	cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:publish_engine
	cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:publish_engine

Configuration 3 [-]

OR	cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-::documentum:::
	cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-::documentum:::
	cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-::documentum:::

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2013-6006	Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html
http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html
http://www.kb.cert.org/vuls/id/346982
http://www.securitytracker.com/id/1029384

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2013-11-21T02:00:00

Updated: 2024-08-06T17:29:42.994Z

Reserved: 2013-10-21T00:00:00

Link: CVE-2013-6177

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-11-21T04:40:59.157

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-6177

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object