Computer Security
[EN] no-pyccku

EMC Documentum eRoom security vulnerabilities
updated since 18.03.2012
SecurityVulns ID:12259
Threat Level:
Description:replay attacks and crossite scripting.
Affected:EMC : Documentum eRoom 7.4
CVE:CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.)
Original documentdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom (20.03.2012)
 documentEMC, ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities (18.03.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod