Vulnerability-Lookup

CVE-2013-6177 (GCVE-0-2013-6177)

Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29

Summary

Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.

Severity ?

No CVSS data available.

CWE

Assigner

dell

References

URL

Tags

	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id/1029384	vdb-entryx_refsource_SECTRACK
	http://packetstormsecurity.com/files/124070/EMC-D…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/346982	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:42.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"
          },
          {
            "name": "1029384",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029384"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"
          },
          {
            "name": "VU#346982",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/346982"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-19T17:57:00",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"
        },
        {
          "name": "1029384",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029384"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"
        },
        {
          "name": "VU#346982",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/346982"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2013-6177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"
            },
            {
              "name": "1029384",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029384"
            },
            {
              "name": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"
            },
            {
              "name": "VU#346982",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/346982"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2013-6177",
    "datePublished": "2013-11-21T02:00:00",
    "dateReserved": "2013-10-21T00:00:00",
    "dateUpdated": "2024-08-06T17:29:42.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6177\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2013-11-21T04:40:59.157\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de recorrido de directorio en EMC Document Sciences xPression 4.1 SP1 anterior a Patch 47, 4.2 anterior a Patch 26, y 4.5 anterior a Patch 05, tal y como se usa en Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, permite a usuarios remotos autenticados leer archivos arbitrarios mediante el aprovechamiento de acceso a xDashboard.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:N/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:compuset_engine\",\"matchCriteriaId\":\"430FC38B-D983-43D4-AAF3-2D4039D0BE31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:compuset_engine\",\"matchCriteriaId\":\"B9A60542-B868-4F1A-9026-A694A53A223F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:compuset_engine\",\"matchCriteriaId\":\"EF09806D-23FE-4ECF-8689-E94D3D28E8C2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:publish_engine\",\"matchCriteriaId\":\"17E73BF4-ADFC-4B20-9614-30E67E75F16F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:publish_engine\",\"matchCriteriaId\":\"2BCCDFAE-3909-4FE3-92CB-F07ADC815F54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:publish_engine\",\"matchCriteriaId\":\"C900B51A-4065-4B1F-A107-99FD391B9A4A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:documentum:*:*:*\",\"matchCriteriaId\":\"77E14258-E508-4508-A8D9-1DD1FAF1E409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:documentum:*:*:*\",\"matchCriteriaId\":\"1DE2E916-23D6-4D20-AAFB-FA26EF9B371D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:documentum:*:*:*\",\"matchCriteriaId\":\"41C367DF-1FE4-4E56-8A01-E63DFFE44068\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/346982\",\"source\":\"security_alert@emc.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securitytracker.com/id/1029384\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/346982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securitytracker.com/id/1029384\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-JR66-9578-359V

Vulnerability from github – Published: 2022-05-17 04:11 – Updated: 2022-05-17 04:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-11-21T04:40:00Z",
    "severity": "LOW"
  },
  "details": "Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.",
  "id": "GHSA-jr66-9578-359v",
  "modified": "2022-05-17T04:11:07Z",
  "published": "2022-05-17T04:11:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6177"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/346982"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1029384"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2013-6177

Vulnerability from fkie_nvd - Published: 2013-11-21 04:40 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
security_alert@emc.com	http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html
security_alert@emc.com	http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html
security_alert@emc.com	http://www.kb.cert.org/vuls/id/346982	US Government Resource
security_alert@emc.com	http://www.securitytracker.com/id/1029384
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/346982	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029384

Impacted products

Vendor	Product	Version
emc	document_sciences_xpression	4.1
emc	document_sciences_xpression	4.2
emc	document_sciences_xpression	4.5
emc	document_sciences_xpression	4.1
emc	document_sciences_xpression	4.2
emc	document_sciences_xpression	4.5
emc	document_sciences_xpression	4.1
emc	document_sciences_xpression	4.2
emc	document_sciences_xpression	4.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:compuset_engine",
              "matchCriteriaId": "430FC38B-D983-43D4-AAF3-2D4039D0BE31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:compuset_engine",
              "matchCriteriaId": "B9A60542-B868-4F1A-9026-A694A53A223F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:compuset_engine",
              "matchCriteriaId": "EF09806D-23FE-4ECF-8689-E94D3D28E8C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:publish_engine",
              "matchCriteriaId": "17E73BF4-ADFC-4B20-9614-30E67E75F16F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:publish_engine",
              "matchCriteriaId": "2BCCDFAE-3909-4FE3-92CB-F07ADC815F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:publish_engine",
              "matchCriteriaId": "C900B51A-4065-4B1F-A107-99FD391B9A4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:documentum:*:*:*",
              "matchCriteriaId": "77E14258-E508-4508-A8D9-1DD1FAF1E409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:documentum:*:*:*",
              "matchCriteriaId": "1DE2E916-23D6-4D20-AAFB-FA26EF9B371D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:documentum:*:*:*",
              "matchCriteriaId": "41C367DF-1FE4-4E56-8A01-E63DFFE44068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de recorrido de directorio en EMC Document Sciences xPression 4.1 SP1 anterior a Patch 47, 4.2 anterior a Patch 26, y 4.5 anterior a Patch 05, tal y como se usa en Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, permite a usuarios remotos autenticados leer archivos arbitrarios mediante el aprovechamiento de acceso a xDashboard."
    }
  ],
  "id": "CVE-2013-6177",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-21T04:40:59.157",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/346982"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1029384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/346982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029384"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2013-6177

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-6177

Aliases

CVE-2013-6177

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6177",
    "description": "Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.",
    "id": "GSD-2013-6177"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6177"
      ],
      "details": "Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.",
      "id": "GSD-2013-6177",
      "modified": "2023-12-13T01:22:19.768244Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2013-6177",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"
          },
          {
            "name": "1029384",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1029384"
          },
          {
            "name": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"
          },
          {
            "name": "VU#346982",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/346982"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:compuset_engine",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:compuset_engine",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:compuset_engine",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:publish_engine",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:publish_engine",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:publish_engine",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:documentum:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:documentum:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:documentum:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2013-6177"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131119 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html"
            },
            {
              "name": "VU#346982",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/346982"
            },
            {
              "name": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html"
            },
            {
              "name": "1029384",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1029384"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-07-22T17:53Z",
      "publishedDate": "2013-11-21T04:40Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-6177 (GCVE-0-2013-6177)

GHSA-JR66-9578-359V

FKIE_CVE-2013-6177

GSD-2013-6177

Tags

Sightings

Nomenclature