NVD

Id
32597  
Name
CVE-2014-4639  
Description
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-01-06  
Modified Date
2016-12-06  
Seq
2014-4639  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
171687 32597 CVE-2014-4639 20150105 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities  View
171688 32597 CVE-2014-4639 http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html  View
171689 32597 CVE-2014-4639 1031497  View
171690 32597 CVE-2014-4639 documentum-wdk-cve20144639-weak-security(99636)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18657 JVNDB-2014-007532 EMC Documentum Web Development Kit におけるフィッシング攻撃を実行される脆弱性 EMC Documentum Web Development Kit (WDK) は、Webtop コンポーネントに関連する特定のパラメータの乱数を適切に生成しないため、フィッシング攻撃を実行される脆弱性が存在します。 CVE-2014-4639 71928 CVE-2014-4639 32597 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007532.html 2014-06-24 2015-01-09 View