PT-2016-4468 · Emc · Emc Documentum Webtop+3
Publicado
2016-06-23
·
Atualizado
2017-01-11
·
CVE-2016-0914
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
EMC Documentum WebTop versions 6.8 through 6.8 before Patch 13
EMC Documentum WebTop version 6.8.1 before Patch 02
Documentum Administrator versions 7.x before 7.2 Patch 13
Documentum Capital Projects versions 1.9 before Patch 23
Documentum Capital Projects version 1.10 before Patch 10
Documentum TaskSpace version 6.7 SP3
Description
The issue allows remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.
Recommendations
For EMC Documentum WebTop versions 6.8 through 6.8 before Patch 13, apply Patch 13.
For EMC Documentum WebTop version 6.8.1 before Patch 02, apply Patch 02.
For Documentum Administrator versions 7.x before 7.2 Patch 13, apply Patch 13 to version 7.2.
For Documentum Capital Projects versions 1.9 before Patch 23, apply Patch 23.
For Documentum Capital Projects version 1.10 before Patch 10, apply Patch 10.
For Documentum TaskSpace version 6.7 SP3, consider restricting access to the IAPI/IDQL interface until a patch is available.
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Emc Documentum Administrator
Documentum Capital Projects
Emc Documentum Taskspace
Emc Documentum Webtop