Vulnerability Details : CVE-2013-6174
Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.
Vulnerability category: Open redirect, Input validation
Products affected by CVE-2013-6174
- cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:documentum:*:*:*
- cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:documentum:*:*:*
- cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:documentum:*:*:*
- cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:publish_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:publish_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:publish_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:compuset_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:compuset_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:compuset_engine
Exploit prediction scoring system (EPSS) score for CVE-2013-6174
- 0.40%: Probability of exploitation activity in the next 30 days
- ~70%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6174
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
CWE ids for CVE-2013-6174
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6174
- http://www.securityfocus.com/bid/63810
  EMC Document Sciences xPression CVE-2013-6174 Unspecified Open Redirection Vulnerability
- http://www.kb.cert.org/vuls/id/346982
  VU#346982 - EMC Document Sciences xPression contains multiple vulnerabilities (US Government Resource)
- http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html
- http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html
  EMC Document Sciences xPression XSS / CSRF / Redirect / SQL Injection ≈ Packet Storm
- http://www.securitytracker.com/id/1029384
  EMC Document Sciences xPression Bugs Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, SQL Injection, and Directory Traversal Attacks - SecurityTracker