CVE-2015-0517

Name of the Vulnerable Software and Affected Versions EMC Documentum D2 versions 3.1 through SP1 EMC Documentum D2 version 4.0 EMC Documentum D2 versions 4.1 before 4.1 P22 EMC Documentum D2 versions 4.2 before P11

Description The issue allows remote authenticated users to obtain sensitive information by reading a file, as the MD5 hash of an encryption passphrase is placed in log files by the D2-API component.

Recommendations For versions 3.1 through SP1, consider restricting access to log files to minimize the risk of exploitation. For version 4.0, update to a version that does not store sensitive information in log files. For versions 4.1 before 4.1 P22, update to version 4.1 P22 or later. For versions 4.2 before P11, update to version 4.2 P11 or later.