PT-2015-2732 · EMC · EMC Documentum TaskSpace+4
Published: 2015-08-20 · Updated: 2016-11-28 · CVE-2015-4530
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
EMC Documentum Administrator versions through 7.2
EMC Documentum Digital Asset Management versions through 6.5SP6
EMC Documentum TaskSpace versions through 6.7SP2
EMC Documentum Web Publisher versions through 6.5SP7
EMC Documentum WebTop versions before 6.8P01
Description
The affected products contain a cross-site request forgery (CSRF) vulnerability that a remote attacker can exploit to hijack the authentication of arbitrary users. This can allow the attacker to capture user authentication details.
Recommendations
For EMC Documentum Administrator versions through 7.2, update to a version later than 7.2.
For EMC Documentum Digital Asset Management versions through 6.5SP6, update to a version later than 6.5SP6.
For EMC Documentum TaskSpace versions through 6.7SP2, update to a version later than 6.7SP2.
For EMC Documentum Web Publisher versions through 6.5SP7, update to a version later than 6.5SP7.
For EMC Documentum WebTop versions before 6.8P01, update to version 6.8P01 or later.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
EMC Documentum Administrator
EMC Documentum Digital Asset Management
EMC Documentum TaskSpace
EMC Documentum Web Publisher
EMC Documentum WebTop