CVE-2013-0939

EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:documentum_webtop:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_wdk:6.7:::::::*
	cpe:2.3:a:emc:documentum_wdk:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_taskspace:6.7:::::::*
	cpe:2.3:a:emc:documentum_webtop:6.7:::::::*
	cpe:2.3:a:emc:documentum_taskspace:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_records_manager:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_records_manager:6.7:::::::*

Information

Published : 2013-05-10 04:42

Updated : 2013-05-10 04:42

NVD link : CVE-2013-0939

Mitre link : CVE-2013-0939

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

emc

documentum_webtop
documentum_records_manager
documentum_wdk
documentum_taskspace

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html", "name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a \"Cross Frame Scripting\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-0939", "ASSIGNER": "secure@dell.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2013-05-10T11:42Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_records_manager:6.7:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_records_manager:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-05-10T11:42Z"}

5.8 /10