CVE-2014-4636: CSRF
First published: Wed Jan 07 2015(Updated: )
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC Documentum WDK | <=6.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-4636?
The severity of CVE-2014-4636 is considered high due to its potential for unauthorized access and CSRF attacks.
How do I fix CVE-2014-4636?
To fix CVE-2014-4636, upgrade to EMC Documentum WDK version 6.8 or later.
What type of vulnerability is CVE-2014-4636?
CVE-2014-4636 is a Cross-site Request Forgery (CSRF) vulnerability.
Who is affected by CVE-2014-4636?
Users of EMC Documentum Web Development Kit versions prior to 6.8 are affected by CVE-2014-4636.
What can attackers do with CVE-2014-4636?
Attackers can hijack the authentication of arbitrary users for requests that perform Docbase operations with CVE-2014-4636.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/author
- agent/first-publish-date
- agent/source
- vendor/emc
- canonical/emc documentum wdk
- version/emc documentum wdk/6.7