CVE-2013-6177
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
21/11/2013
Last modified:
11/04/2025
Description
Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.
Impact
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:compuset_engine | ||
| cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:compuset_engine | ||
| cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:compuset_engine | ||
| cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:publish_engine | ||
| cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:publish_engine | ||
| cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:publish_engine | ||
| cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:documentum:*:*:* | ||
| cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:documentum:*:*:* | ||
| cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:documentum:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html
- http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html
- http://www.kb.cert.org/vuls/id/346982
- http://www.securitytracker.com/id/1029384
- http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html
- http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html
- http://www.kb.cert.org/vuls/id/346982
- http://www.securitytracker.com/id/1029384