CVE-2014-2511: XSS
First published: Wed Aug 20 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC Digital Assets Manager | =6.5 | |
| EMC Digital Assets Manager | =6.5-sp5 | |
| EMC Digital Assets Manager | =6.5-sp6 | |
| EMC Documentum Administrator | =6.7 | |
| EMC Documentum Administrator | =6.7-sp1 | |
| EMC Documentum Administrator | =6.7-sp2 | |
| EMC Documentum Administrator | =7.0 | |
| EMC Documentum Administrator | =7.1 | |
| EMC Documentum Capital Projects | =1.8 | |
| EMC Documentum Capital Projects | =1.9 | |
| EMC Documentum Webtop | =6.7 | |
| EMC Documentum Webtop | =6.7-sp1 | |
| EMC Documentum Webtop | =6.7-sp2 | |
| Emc Engineering Plant Facilities Management Solution For Documentum | =1.7 | |
| Emc Engineering Plant Facilities Management Solution For Documentum | =1.7-sp1 | |
| EMC Records Client | =6.7 | |
| EMC Records Client | =6.7-sp1 | |
| EMC Records Client | =6.7-sp2 | |
| EMC Documentum TaskSpace | =6.7 | |
| EMC Documentum TaskSpace | =6.7-sp1 | |
| EMC Documentum TaskSpace | =6.7-sp2 | |
| Emc Web Publishers | =6.5 | |
| Emc Web Publishers | =6.5-sp6 | |
| Emc Web Publishers | =6.5-sp7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2511?
CVE-2014-2511 is classified as a medium severity cross-site scripting vulnerability.
How do I fix CVE-2014-2511?
To fix CVE-2014-2511, upgrade EMC Documentum WebTop to version 6.7 SP1 P28 or newer.
Which versions are affected by CVE-2014-2511?
CVE-2014-2511 affects EMC Documentum WebTop versions prior to 6.7 SP1 P28 and 6.7 SP2 versions before P14.
What types of attacks can exploit CVE-2014-2511?
CVE-2014-2511 can be exploited through cross-site scripting attacks, allowing attackers to inject arbitrary scripts.
Who is at risk for CVE-2014-2511?
Organizations using the affected versions of EMC Documentum WebTop are at risk of CVE-2014-2511.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/emc
- canonical/emc digital assets manager
- version/emc digital assets manager/6.5
- version/emc digital assets manager/6.5-sp5
- version/emc digital assets manager/6.5-sp6
- canonical/emc documentum administrator
- version/emc documentum administrator/6.7
- version/emc documentum administrator/6.7-sp1
- version/emc documentum administrator/6.7-sp2
- version/emc documentum administrator/7.0
- version/emc documentum administrator/7.1
- canonical/emc documentum capital projects
- version/emc documentum capital projects/1.8
- version/emc documentum capital projects/1.9
- canonical/emc documentum webtop
- version/emc documentum webtop/6.7
- version/emc documentum webtop/6.7-sp1
- version/emc documentum webtop/6.7-sp2
- canonical/emc engineering plant facilities management solution for documentum
- version/emc engineering plant facilities management solution for documentum/1.7
- version/emc engineering plant facilities management solution for documentum/1.7-sp1
- canonical/emc records client
- version/emc records client/6.7
- version/emc records client/6.7-sp1
- version/emc records client/6.7-sp2
- canonical/emc documentum taskspace
- version/emc documentum taskspace/6.7
- version/emc documentum taskspace/6.7-sp1
- version/emc documentum taskspace/6.7-sp2
- canonical/emc web publishers
- version/emc web publishers/6.5
- version/emc web publishers/6.5-sp6
- version/emc web publishers/6.5-sp7