NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): cpe:2.3:a:emc:documentum_wdk:6.7:sp2:*:*:*:*:*:*
CPE Name Search: true

There are 10 matching records.

Displaying matches 1 through 10.

Vuln ID	Summary	CVSS Severity
CVE-2014-4639	EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. Published: January 06, 2015; 9:59:19 PM -0500	V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM
CVE-2014-4638	EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. Published: January 06, 2015; 9:59:18 PM -0500	V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM
CVE-2014-4637	Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. Published: January 06, 2015; 9:59:18 PM -0500	V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM
CVE-2014-4636	Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. Published: January 06, 2015; 9:59:17 PM -0500	V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM
CVE-2014-4635	Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 06, 2015; 9:59:16 PM -0500	V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2014-2518	Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. Published: August 20, 2014; 7:17:13 AM -0400	V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM
CVE-2013-3281	Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL. Published: November 06, 2013; 10:55:05 AM -0500	V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2013-0939	EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue. Published: May 10, 2013; 7:42:30 AM -0400	V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM
CVE-2013-0938	Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: May 10, 2013; 7:42:30 AM -0400	V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2013-0937	Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors. Published: May 10, 2013; 7:42:29 AM -0400	V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM