Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2014-3138
Last Modified 20 May 2014 12:14:06
Published 01 May 2014 08:55:07
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-3138

Summary

SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Xerox DocuShare 6.5.3

  • Xerox DocuShare 6.6.1


References

XF - xerox-docushare-sql-injection(92548)

MISC - http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf

BID - 66922

OSVDB - 105972

EXPLOIT-DB - 32886

SECUNIA - 57996

FULLDISC - 20140415 Xerox DocuShare authenticated SQL injection

MISC - http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html


Last Updated: 27 May 2016 11:05:10