PT-2015-2731 · Emc · Emc Documentum Taskspace+4

Published: 2015-07-04 · Updated: 2016-12-28 · CVE-2015-4524

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

EMC Documentum Administrator versions 6.7SP1 through 6.7SP1 before P31, 6.7SP2 through 6.7SP2 before P23, 7.0 through 7.0 before P18, 7.1 through 7.1 before P15, and 7.2 through 7.2 before P01
EMC Documentum Digital Asset Management version 6.5SP6 before P25
EMC Documentum TaskSpace versions 6.7SP1 through 6.7SP1 before P31 and 6.7SP2 through 6.7SP2 before P23
EMC Documentum Web Publisher version 6.5 SP7 before P25
EMC Documentum WebTop versions 6.7SP1 through 6.7SP1 before P31, 6.7SP2 through 6.7SP2 before P23, and 6.8 through 6.8 before P01

Description

The issue is related to an unrestricted file upload vulnerability. This vulnerability can be exploited by a remote attacker to execute arbitrary code by uploading a file to the Content Server.

Recommendations

For EMC Documentum Administrator versions 6.7SP1 through 6.7SP1 before P31, 6.7SP2 through 6.7SP2 before P23, 7.0 through 7.0 before P18, 7.1 through 7.1 before P15, and 7.2 through 7.2 before P01, update to a version that includes the necessary patches.
For EMC Documentum Digital Asset Management version 6.5SP6 before P25, update to a version that includes the necessary patches.
For EMC Documentum TaskSpace versions 6.7SP1 through 6.7SP1 before P31 and 6.7SP2 through 6.7SP2 before P23, update to a version that includes the necessary patches.
For EMC Documentum Web Publisher version 6.5 SP7 before P25, update to a version that includes the necessary patches.
For EMC Documentum WebTop versions 6.7SP1 through 6.7SP1 before P31, 6.7SP2 through 6.7SP2 before P23, and 6.8 through 6.8 before P01, update to a version that includes the necessary patches.

As a temporary workaround, consider restricting file uploads to the Content Server until a patch is available.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2015-12096
CVE-2015-4524

Affected Products

Emc Documentum Administrator
Emc Documentum Digital Asset Management
Emc Documentum Taskspace
Emc Documentum Web Publisher
Emc Documentum Webtop