Computer Security
[EN] securityvulns.ru no-pyccku


EMC Documentum eRoom security vulnerabilities
updated since 18.03.2012
Published:20.03.2012
Source:
SecurityVulns ID:12259
Type:remote
Threat Level:
5/10
Description:replay attacks and crossite scripting.
Affected:EMC : Documentum eRoom 7.4
CVE:CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.)
Original documentdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom (20.03.2012)
 documentEMC, ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities (18.03.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod