CVE-2013-6174

Loading...

General

Score:5.8/10.0
Severity:Medium
Category:Input Validation Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2013-6173, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177

Published on 21/11/13 - Updated on 22/07/15

Description

Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2013-6174
Renater 2013/VULN520

Exploits

SecurityFocusBID-63810

Relative technologies

VendorProduct
emcdocument_sciences_xpression

Share this vulnerability with:

Twitter Facebook LinkedIn Mail