EMC Documentum D2 4.1 / 4.2.x < 4.2 P16 / 4.5.x < 4.5 P03 Multiple DQL Injection Vulnerabilities
Medium Nessus Plugin ID 84640
Synopsis
The remote host is affected by multiple DQL injection vulnerabilities.
Description
The EMC Documentum D2 instance running on the remote host is affected by DQL injection vulnerabilities in the D2CenterstageService.getComments and D2DownloadService.getDownloadUrls services due to a failure to sanitize user-supplied input. A remote, authenticated attacker can exploit these to bypass read-access restrictions, allowing the disclosure of sensitive data in the database.
Solution
Upgrade to EMC Documentum D2 4.2 P16 / 4.5 P03 or later.