PT-2016-4468 · Emc · Emc Documentum Webtop+3
Published
2016-06-23
·
Updated
2017-01-11
·
CVE-2016-0914
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
EMC Documentum WebTop versions 6.8 through 6.8 before Patch 13
EMC Documentum WebTop version 6.8.1 before Patch 02
Documentum Administrator versions 7.x before 7.2 Patch 13
Documentum Capital Projects versions 1.9 before Patch 23
Documentum Capital Projects version 1.10 before Patch 10
Documentum TaskSpace version 6.7 SP3
Description
The issue allows remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface.
Recommendations
For EMC Documentum WebTop versions 6.8 through 6.8 before Patch 13, apply Patch 13.
For EMC Documentum WebTop version 6.8.1 before Patch 02, apply Patch 02.
For Documentum Administrator versions 7.x before 7.2 Patch 13, apply Patch 13 to version 7.2.
For Documentum Capital Projects versions 1.9 before Patch 23, apply Patch 23.
For Documentum Capital Projects version 1.10 before Patch 10, apply Patch 10.
For Documentum TaskSpace version 6.7 SP3, consider restricting access to the IAPI/IDQL interface until a patch is available.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Emc Documentum Administrator
Documentum Capital Projects
Emc Documentum Taskspace
Emc Documentum Webtop