Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-4639

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-4639
Last Modified 22 Jan 2015 09:00:44
Published 06 Jan 2015 09:59:19
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-4639

Summary

EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.

Vulnerable Systems

Application

  • Emc Documentum Wdk 6.7


References

BUGTRAQ - 20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities

XF - documentum-wdk-cve20144639-weak-security(99636)


Last Updated: 27 May 2016 11:07:27