EMC Documentum D2 4.1 / 4.2.x < 4.2 P16 / 4.5.x < 4.5 P03 Multiple DQL Injection Vulnerabilities

Medium Nessus Plugin ID 84640


The remote host is affected by multiple DQL injection vulnerabilities.


The EMC Documentum D2 application running on the remote host is affected by DQL injection vulnerabilities in the D2CenterstageService.getComments and D2DownloadService.getDownloadUrls services because user-supplied input is not sanitized. A remote, authenticated attacker can exploit these to bypass read-access restrictions and disclose sensitive data in the database.


Upgrade to EMC Documentum D2 4.2 P16 / 4.5 P03 or later.

Plugin Details

Severity: Medium

ID: 84640

File Name: emc_documentum_d2_ESA-2015-108.nasl

Version: $Revision: 1.2 $

Type: remote

Family: Misc.

Published: 2015/07/09

Modified: 2015/07/10

Dependencies: 77303

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:emc:documentum_d2

Required KB Items: installed_sw/EMC Documentum D2

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/07/01

Vulnerability Publication Date: 2015/07/01

Reference Information

CVE: CVE-2015-0547, CVE-2015-0548

BID: 75517

OSVDB: 124015, 124016