EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Link | Resource |
---|---|
http://seclists.org/bugtraq/2016/Feb/66 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1034993 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2016-02-11 17:59
Updated : 2017-01-10 20:11
NVD link : CVE-2016-0882
Mitre link : CVE-2016-0882
JSON object : View
CWE
Products Affected
emc
- documentum_xcp