Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-2504

EPSS 0.33% · P56
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-2504

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
EMC Documentum D2 权限许可和访问控制漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
EMC Documentum D2是美国易安信(EMC)公司的一套企业级内容管理系统。该系统通过创建、修改、跟踪等功能管理整个信息生命周期,其包括了多个扩展产品,如Documentum Web Publisher(Web内容管理)、Documentum Records Manager(记录管理)等。 EMC Documentum D2中存在安全漏洞。远程攻击者可通过调用core或D2FS web-service方法利用该漏洞绕过既定的访问限制,执行任意Documentum Query Language (
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-2504

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-2504

登录查看更多情报信息。

Same Patch Batch · n/a · 2014-05-23 · 25 CVEs total

CVE-2013-2713KrisonAV CMS 跨站请求伪造漏洞
CVE-2013-2107WordPress Mail On Update插件跨站请求伪造漏洞
CVE-2010-5299MicroP 基于栈的缓冲区溢出漏洞
CVE-2014-3849WordPress iMember360插件权限许可和访问控制漏洞
CVE-2014-3848WordPress iMember360插件权限许可和访问控制漏洞
CVE-2014-3801OpenStack Orchestration API (Heat) 信息泄露漏洞
CVE-2014-3450多款Panda Security产品安全漏洞
CVE-2014-3442Nullsoft Winamp 缓冲区溢出漏洞
CVE-2013-4223Gentoo Linux nullmailer Package ‘/etc/nullmailer/remotes’不安全文件权限漏洞
CVE-2013-2758Apache CloudStack和Citrix CloudPlatform 加密问题漏洞
CVE-2013-2757Citrix CloudPlatform 安全绕过漏洞
CVE-2013-2756Apache CloudStack和Citrix CloudPlatform 安全绕过漏洞
CVE-2014-2196Cisco Wide Area Application Services 代码注入漏洞
CVE-2013-2712KrisonAV CMS 跨站脚本漏洞
CVE-2013-1864PTLib XML解析拒绝服务漏洞
CVE-2013-1668CosCMS ‘index.php’ 远程命令注入漏洞
CVE-2013-0289Isync Certificate Verification 信息泄露漏洞
CVE-2012-5649Apache CouchDB 任意代码执行漏洞
CVE-2014-3276Cisco Identity Services Engine 安全漏洞
CVE-2014-3275Cisco Identity Services Engine SQL注入漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-2504

No comments yet

Leave a comment