CVE-2015-0551 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Documentum Administrator Documentum Digital Asset Manager Documentum Taskspace Documentum Web Publisher Documentum Webtop

Configuration 1 [-]

OR	cpe:2.3:a:emc:documentum_administrator:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_administrator:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_administrator:7.0:::::::*
	cpe:2.3:a:emc:documentum_administrator:7.1:::::::*
	cpe:2.3:a:emc:documentum_administrator:7.2:::::::*
	cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6::::::
	cpe:2.3:a:emc:documentum_taskspace:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_taskspace:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7::::::
	cpe:2.3:a:emc:documentum_webtop:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_webtop:6.7:sp2::::::
	cpe:2.3:a:emc:documentum_webtop:6.8:::::::*

No data.

References

Link	Providers
http://seclists.org/bugtraq/2015/Jul/9
http://www.securitytracker.com/id/1032770

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2015-07-04T14:00:00

Updated: 2024-08-06T04:10:10.974Z

Reserved: 2014-12-17T00:00:00

Link: CVE-2015-0551

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-07-04T14:59:00.090

Modified: 2016-12-28T02:59:03.290

Link: CVE-2015-0551

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-23T18:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "1032770", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032770"}, {"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2015/Jul/9"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2015-0551", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1032770", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032770"}, {"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2015/Jul/9"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:10:10.974Z"}, "title": "CVE Program Container", "references": [{"name": "1032770", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032770"}, {"name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2015/Jul/9"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2015-0551", "datePublished": "2015-07-04T14:00:00", "dateReserved": "2014-12-17T00:00:00", "dateUpdated": "2024-08-06T04:10:10.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "0A289F06-4D31-4963-8D2F-D2E8F2146D5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "E63A8B26-9B98-47CB-8CB6-896ACFC85FFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*", "matchCriteriaId": "8B5E3E9B-9BD5-4B1B-B197-C5F1C673134E", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "A2E8773E-616D-467F-9361-B4F71E42EB26", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "E61EE60F-D408-4253-997F-160FA741E6AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*", "matchCriteriaId": "527D5B22-B332-4CB8-9595-003E5B70EC57", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "5AC64E73-EBBF-4851-BB86-394941CA4625", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "C3AA619F-A9DF-489C-A6BA-BF044B3C20BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-0551", "lastModified": "2016-12-28T02:59:03.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-07-04T14:59:00.090", "references": [{"source": "security_alert@emc.com", "url": "http://seclists.org/bugtraq/2015/Jul/9"}, {"source": "security_alert@emc.com", "url": "http://www.securitytracker.com/id/1032770"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}