Vulnerability Note VU#315340
EMC Documentum products contain multiple vulnerabilities
Original Release date: 15 Dec 2014 | Last revised: 17 Dec 2014
EMC Documentum products including Content Server, D2, and Web Development Kit (WDK) contain multiple vulnerabilities.
EMC Documentum Content Server, D2, and WDK contain numerous vulnerabilities of varying impact. For details, view our spreadsheet.
The CVSS score below reflects use of backdoor credentials (see VU#184360, VU#695112, and VU#982432 in the spreadsheet).
The severity of impact varies. Specific examples include information disclosure, privilege escalation, authentication bypass, arbitrary code execution, shell command injection, and unauthorized access via backdoor credentials. Worst-case scenarios allow an attacker to take complete control of a vulnerable system.
Apply an update
EMC has released updates to address many of the issues in question. For information about specific updates, including discussion about their effectiveness, refer to the spreadsheet.
Vendor Information (Learn More)
VendorStatusDate NotifiedDate UpdatedEMC CorporationAffected25 Apr 201416 Dec 2014If you are a vendor and your product is affected, let
CVSS Metrics (Learn More)
Thanks to Andrey B. Panfilov for reporting these vulnerabilities.
This document was written by Joel Land.
15 Dec 2014
Date First Published:
15 Dec 2014
Date Last Updated:
17 Dec 2014
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.