CVE-2014-2503 Information

Description

The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3 6.5 SP4 6.5 SP5 and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.

Reference

http://archives.neohapsis.com/archives/bugtraq/2014-06/0037.html http://packetstormsecurity.com/files/126947/EMC-Documentum-Digital-Asset-Manager-Blind-DQL-Injection.html http://www.securityfocus.com/bid/67868 http://www.securitytracker.com/id/1030348