Emc Documentum Eroom vulnerabilities
7 known vulnerabilities affecting emc/documentum_eroom.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2011-1741P2CRITICALCVSS 10.0v7.4.1v7.4.2+1 more2011-07-19
CVE-2011-1741 [CRITICAL] CWE-119 CVE-2011-1741: Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
nvd
CVE-2017-2766P3CRITICALCVSS 9.8v7.4.4v7.4.5+1 more2017-02-03
CVE-2017-2766 [CRITICAL] CWE-640 CVE-2017-2766: EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom ver
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
nvd
CVE-2011-2739P3HIGHCVSS 8.5v7.3.0v7.4.1+2 more2011-11-09
CVE-2011-2739 [HIGH] CWE-264 CVE-2011-2739: The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly r
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.
nvd
CVE-2012-0398P3HIGHCVSS 7.5≤ 7.4.3v7.3.0+2 more2012-03-15
CVE-2012-0398 [HIGH] CWE-264 CVE-2012-0398: EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote at
EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.
nvd
CVE-2013-3286P4MEDIUMCVSS 4.3≤ 7.4.4v7.3.0+4 more2013-11-06
CVE-2013-3286 [MEDIUM] CWE-79 CVE-2013-3286: Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow r
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2012-0404P4MEDIUMCVSS 4.3≤ 7.4.3v7.3.0+2 more2012-03-15
CVE-2012-0404 [MEDIUM] CWE-79 CVE-2012-0404: Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attacker
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-2512P4LOWCVSS 3.5v7.4.3v7.4.42014-07-01
CVE-2014-2512 [LOW] CWE-79 CVE-2014-2512: Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19,
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd