February 25, 2016
I have stopped making regular updates to this blog (see here), but not ceased altogether. Stop by occasionally to see new posts.
M. Scott Roth
August 19, 2016
EMC has posted an ESA for Webtop: ESA-2016-088: EMC Documentum Webtop Unsafe Deserialization Vulnerability. Here is the text of the ESA:
Documentum Webtop has a java deserialization code which may not validate if the input stream contains any malicious code. This code may be leveraged to exploit the system using malicious payloads with the help of the vulnerable versions of Apache libraries used in WebTop.
The following EMC Documentum Webtop release contains resolutions to these vulnerabilities:
- EMC Documentum Webtop 6.8.1 P04 and later
- EMC Documentum Webtop 6.8 P16 and later
- EMC Documentum Capital Projects 1.9 P25 and later
- EMC Documentum Capital Projects 1.10 P12 and later
EMC recommends all customers upgrade at the earliest opportunity. In addition, Documentum Engineering is working to validate a code fix for the following product families. This code fix will be available in upcoming maintenance releases:
- EMC Documentum Administrator 7.2
- EMC Documentum TaskSpace 6.7
This ESA will be updated as code fixes become available.
This is an interesting ESA in that the vulnerability seems to be with Apache libraries, not Webtop directly, and no resolution or corrective action is given. Usually, EMC announces ESAs after the issues have been corrected in a patch.
August 1, 2016
I recently read in the ECD Product and Solutions Bulletin:
“The Enterprise Content Division continuously improves products to fit your needs and we’re glad to announce that Captiva 7.1 is now certified for Microsoft Windows 10 x64. More information can be found in the release notes, or contact support if you have any questions.”
That’s good news for many I’m sure.
June 30, 2016
I recently ran across this knowledgebase article and thought I would share it, since it is similar to some research I did back in 2007. The difference (besides 9 years) is that my article was written for developers, whereas the knowledgebase article addresses production systems. Obviously a lot has changed in the 9 years between articles. Read both and determine for yourself which frequency works best in your environments.
June 15, 2016
It’s been a while since I’ve posted anything here, so I thought I would pass along the announcement and link to the Momentum 2016 Hands-On Labs. For those that were unable to attend EMC World 2016 or unable to attend the Hands-On labs due to scheduling, they are provided here. Enjoy.
April 15, 2016
In case you missed it, Reveille Software is offering their awesome Documentum and Captiva monitoring platform for free! The Reveille Starter for EMC provides insight to performance, usage, configuration, compliance, and more.
Customers leverage Reveille to:
- Get ahead of issues before days are ruined
- Analyze user performance, activity and peak loads
- Make better decisions with powerful ECM analytics designed for Captiva and Documentum
- Get more time for things that matter – less babysitting
I have been a long-time fan of Reveille. This opportunity will make you a fan too. Download the Reveille Starter for EMC and get started today!
April 1, 2016
One of the big changes in D2 v4.6 was a change in the object hierarchy for the D2 config objects. These objects now inherit from dm_sysobject so they can be protected with ACLs. For new installs of D2 v4.6 there is no migration necessary; however, to upgrade D2 v4.5, your current configs must be “migrated” to new config object types. EMC published a whitepaper, Documentum D2 4.6 Config Object Model Change and Migration, detailing this process using their migration tool, D2-Config-Migrator (packaged with D2 v4.6 download), to accomplish the feat. In all, 71 types are migrated (they are listed in the whitepaper). Good luck!
March 25, 2016
Prior to EMC Documentum D2 4.6, many D2 Configuration object types were not properly protected with ACLs. As a result, an authenticated but unprivileged user could then modify or delete such objects.
EMC recommends that all customers upgrade to D2 4.6 at the earliest opportunity.
Really… that’s all it says.
UPDATE: See an explanation of the vulnerability and the fix from Yuri Simione.