PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-9873 EMC CVE debrief

CVE-2016-9873 describes a DQL injection issue in EMC Documentum D2 versions 4.5 and 4.6. According to the published record, an authenticated low-privileged attacker could potentially force execution of arbitrary DQL commands, which may allow information exposure, data modification, or service disruption. The affected weakness is mapped to CWE-77 and carries a CVSS 3.0 score of 6.3 (Medium).

Vendor: EMC
Product: CVE-2016-9873
CVSS: MEDIUM 6.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-03
Original CVE updated: 2026-05-13
Advisory published: 2017-02-03
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for EMC Documentum D2 4.5 or 4.6, especially environments that allow low-privileged authenticated users to interact with DQL-driven functions or content management workflows.

Technical summary

The NVD record identifies vulnerable CPEs for EMC Documentum D2 4.5 and 4.6 and classifies the issue as CWE-77. The CVSS vector is AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, indicating network reachability, low attack complexity, low privileges required, no user interaction, unchanged scope, and low confidentiality, integrity, and availability impact. The core risk is injection of attacker-controlled DQL into application behavior, resulting in unintended database-like query execution within the application layer.

Defensive priority

Medium. The issue requires authentication and low privileges, but it can still affect confidentiality, integrity, and availability within exposed Documentum D2 deployments.

Recommended defensive actions

  • Confirm whether any Documentum D2 installations are running versions 4.5 or 4.6.
  • Review the official CVE/NVD references and vendor-linked advisories for remediation guidance or upgraded releases.
  • Limit low-privileged accounts to the minimum permissions needed and review whether any DQL-facing functionality is exposed more broadly than necessary.
  • Monitor application and audit logs for unusual DQL-related activity, unexpected query patterns, or data access changes.
  • Treat authenticated injection sinks as high-risk input paths and validate or parameterize any application logic that constructs DQL from user-controlled data.
  • If remediation is not immediately possible, reduce exposure by restricting access to trusted users and management networks only.

Evidence notes

The source corpus states that EMC Documentum D2 4.5 and 4.6 are affected, and that an authenticated low-privileged attacker may execute arbitrary DQL commands. The NVD metadata lists CVSS 3.0 vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, CVSS score 6.3, and CWE-77. Reference links in the corpus include the CVE record, NVD detail page, and third-party advisory/VDB entries. The CVE was published on 2017-02-03T07:59:00.530Z and later modified in NVD on 2026-05-13T00:24:29.033Z; that modified date is not the issue date.

Official resources

Published in the official CVE/NVD record on 2017-02-03. The NVD entry was modified on 2026-05-13, which reflects record maintenance rather than initial disclosure.