PT-2014-4748 · Emc+1 · My Documentum For Microsoft Outlook+4
Published
2014-07-08
·
Updated
2017-01-07
·
CVE-2014-2510
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
EMC Documentum Foundation Services (DFS) versions 6.6 before P39
EMC Documentum Foundation Services (DFS) versions 6.7 SP1 before P28
EMC Documentum Foundation Services (DFS) versions 6.7 SP2 before P15
Description
The issue allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This affects products such as My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage.
Recommendations
For EMC Documentum Foundation Services (DFS) version 6.6, update to P39 or later.
For EMC Documentum Foundation Services (DFS) version 6.7 SP1, update to P28 or later.
For EMC Documentum Foundation Services (DFS) version 6.7 SP2, update to P15 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centerstage
Emc Documentum Foundation Services
Outlook
My Documentum For Desktop
My Documentum For Microsoft Outlook