Computer Security


EMC Documentum multiple security vulnerabilities
updated since 14.06.2014
Published: 14.09.2015
SecurityVulns ID: 13831
Type: remote
Threat Level: 8/10
Description: Code injection, privilege escalation.
Affected: EMC : Documentum D2 4.2
 EMC : Documentum eRoom 7.4
 EMC : Documentum Content Server 7.1
 EMC : Documentum Content Server 6.7
 EMC : Documentum Digital Asset Manager 6.5
 EMC : Documentum Foundation Services 6.7
CVE: CVE-2015-4544 (EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.)
 CVE-2015-4537 (Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.)
 CVE-2015-4536 (EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.)
 CVE-2015-4535 (Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket.)
 CVE-2015-4534 (Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter.)
 CVE-2015-4533 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.)
 CVE-2015-4532 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514.)
 CVE-2015-4531 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622.)
 CVE-2015-4530 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.)
 CVE-2015-4529 (Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.)
 CVE-2015-4528 (Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2015-4524 (Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.)
 CVE-2015-0551 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2015-0550 (Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors.)
 CVE-2015-0549 (Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2015-0548 (The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.)
 CVE-2015-0547 (The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.)
 CVE-2015-0518 (The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.)
 CVE-2015-0517 (The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.)
 CVE-2014-4639 (EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.)
 CVE-2014-4638 (EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors.)
 CVE-2014-4637 (Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.)
 CVE-2014-4636 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.)
 CVE-2014-4635 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-4629 (EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.)
 CVE-2014-4626 (EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.)
 CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.)
 CVE-2014-2521 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.)
 CVE-2014-2520 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.)
 CVE-2014-2518 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.)
 CVE-2014-2515 (EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.)
 CVE-2014-2514 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.)
 CVE-2014-2513 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.)
 CVE-2014-2512 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-2511 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.)
 CVE-2014-2510 (The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2014-2508 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.)
 CVE-2014-2507 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.)
 CVE-2014-2506 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.)
 CVE-2014-2503 (The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.)
Original document: EMC, ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability (14.09.2015)
 EMC, ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability (14.09.2015)
 EMC, ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities (24.08.2015)
 EMC, ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability (24.08.2015)
 andrew_(at)_panfilov.tel, sysadmin privilege in EMC Documentum Content Server (24.08.2015)
 andrew_(at)_panfilov.tel, EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532) (24.08.2015)
 andrew_(at)_panfilov.tel, Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532) (24.08.2015)
 EMC, ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability (24.08.2015)
 EMC, ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability (20.07.2015)
 EMC, ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability (20.07.2015)
 andrew_(at)_panfilov.tel, Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution (13.07.2015)
 EMC, ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities (05.07.2015)
 EMC, ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities (05.07.2015)
 andrew_(at)_panfilov.tel, Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects (05.07.2015)
 EMC, ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability (29.06.2015)
 EMC, ESA-2015-109: EMC Documentum D2 Cross-Site Scripting (29.06.2015)
 EMC, ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities (23.02.2015)
 EMC, ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities (13.01.2015)
 EMC, ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability (08.12.2014)
 EMC, ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities (21.09.2014)
 EMC, ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities (26.08.2014)
 EMC, ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability (26.08.2014)
 EMC, ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities (26.08.2014)
 EMC, ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities (26.08.2014)
 EMC, ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities (28.07.2014)
 EMC, ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability (28.07.2014)
 SEC Consult Vulnerability Lab, SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom (28.07.2014)
 EMC, ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities (28.07.2014)
 EMC, ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability (14.06.2014)
 EMC, ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities (14.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod