CVE-2014-2520 Information

Description

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 when Oracle Database is used does not properly restrict DQL hints which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.

Reference

http://secunia.com/advisories/60571 http://www.securityfocus.com/archive/1/533162/30/0/threaded http://www.securityfocus.com/bid/69274 http://www.securitytracker.com/id/1030743 https://exchange.xforce.ibmcloud.com/vulnerabilities/95369