PT-2015-6611 · Emc · Emc Documentum Content Server

Published

2015-08-20

Updated

2017-09-21

CVE-2015-4534

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC Documentum Content Server versions prior to 6.7SP1 P32 EMC Documentum Content Server versions 6.7SP2 prior to P25 EMC Documentum Content Server versions 7.0 prior to P19 EMC Documentum Content Server versions 7.1 prior to P16 EMC Documentum Content Server versions 7.2 prior to P02

Description The issue allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method verb parameter.

Recommendations For versions prior to 6.7SP1 P32, update to 6.7SP1 P32 or later. For versions 6.7SP2 prior to P25, update to 6.7SP2 P25 or later. For versions 7.0 prior to P19, update to 7.0 P19 or later. For versions 7.1 prior to P16, update to 7.1 P16 or later. For versions 7.2 prior to P02, update to 7.2 P02 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2015-4534

Affected Products

Emc Documentum Content Server

PT-2015-6611 · Emc · Emc Documentum Content Server

CVE-2015-4534

Weakness Enumeration

Related Identifiers

Affected Products

References · 4