CVE-2015-0551

Name of the Vulnerable Software and Affected Versions EMC Documentum WebTop versions 6.7SP1 through 6.7SP1 P30, 6.7SP2 through 6.7SP2 P22, and 6.8 through 6.8 P00 EMC Documentum Administrator versions 6.7SP1 through 6.7SP1 P30, 6.7SP2 through 6.7SP2 P22, 7.0 through 7.0 P17, 7.1 through 7.1 P14, and 7.2 through 7.2 P00 EMC Documentum Digital Assets Manager version 6.5SP6 through 6.5SP6 P24 EMC Documentum Web Publishers version 6.5 SP7 through 6.5 SP7 P24 EMC Documentum Task Space versions 6.7SP1 through 6.7SP1 P30 and 6.7SP2 through 6.7SP2 P22

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, potentially due to insufficient protection of the web page structure. This could enable a remote attacker to inject arbitrary web scripts or HTML code.

Recommendations For EMC Documentum WebTop versions 6.7SP1 through 6.7SP1 P30, 6.7SP2 through 6.7SP2 P22, and 6.8 through 6.8 P00, update to a version later than the specified patches. For EMC Documentum Administrator versions 6.7SP1 through 6.7SP1 P30, 6.7SP2 through 6.7SP2 P22, 7.0 through 7.0 P17, 7.1 through 7.1 P14, and 7.2 through 7.2 P00, update to a version later than the specified patches. For EMC Documentum Digital Assets Manager version 6.5SP6 through 6.5SP6 P24, update to a version later than 6.5SP6 P24. For EMC Documentum Web Publishers version 6.5 SP7 through 6.5 SP7 P24, update to a version later than 6.5 SP7 P24. For EMC Documentum Task Space versions 6.7SP1 through 6.7SP1 P30 and 6.7SP2 through 6.7SP2 P22, update to a version later than the specified patches.