PT-2008-2279 · Emc · Emc Documentum Administrator+1

Pablo Gaston Milano

Published

2008-02-07

Updated

2018-10-15

CVE-2008-0656

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC Documentum Administrator version 5.3.0.313 EMC Documentum Webtop version 5.3.0.317

Description The issue allows remote attackers to overwrite arbitrary files via the filename attribute in the dmclTrace.jsp file. This can be exploited by uploading files with malicious intent.

Recommendations For EMC Documentum Administrator version 5.3.0.313, restrict access to the dmclTrace.jsp file to prevent unauthorized file uploads. For EMC Documentum Webtop version 5.3.0.317, restrict access to the dmclTrace.jsp file to prevent unauthorized file uploads. As a temporary workaround, consider disabling the file upload functionality in the dmclTrace.jsp file until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-0656

Affected Products

Emc Documentum Administrator

Emc Documentum Webtop

PT-2008-2279 · Emc · Emc Documentum Administrator+1

CVE-2008-0656

Weakness Enumeration

Related Identifiers

Affected Products

References · 9