Blog Update Status

I have stopped making regular updates to this blog (see here), but not ceased altogether.  Stop by occasionally to see new posts.

Webtop ESA-2016-088

EMC has posted an ESA for Webtop: ESA-2016-088: EMC Documentum Webtop Unsafe Deserialization Vulnerability.  Here is the text of the ESA:

Documentum Webtop has a java deserialization code which may not validate if the input stream contains any malicious code. This code may be leveraged to exploit the system using malicious payloads with the help of the vulnerable versions of Apache libraries used in WebTop.

The following EMC Documentum Webtop release contains resolutions to these vulnerabilities:

  • EMC Documentum Webtop 6.8.1 P04 and later
  • EMC Documentum Webtop 6.8 P16 and later
  • EMC Documentum Capital Projects 1.9 P25 and later
  • EMC Documentum Capital Projects 1.10 P12 and later

EMC recommends all customers upgrade at the earliest opportunity. In addition, Documentum Engineering is working to validate a code fix for the following product families. This code fix will be available in upcoming maintenance releases:

  • EMC Documentum Administrator 7.2
  • EMC Documentum TaskSpace 6.7

This ESA will be updated as code fixes become available.

This is an interesting ESA in that the vulnerability seems to be with Apache libraries, not Webtop directly, and no resolution or corrective action is given.  Usually, EMC announces ESAs after the issues have been corrected in a patch.

D2 and Google Charts

I saw this 3-part tutorial on the EDN this week discussing how to integrate Google Charts with D2 and thought it was worth sharing.  See what you think.


Captiva 7.1 Certified on Windows 10

I recently read in the ECD Product and Solutions Bulletin:

“The Enterprise Content Division continuously improves products to fit your needs and we’re glad to announce that Captiva 7.1 is now certified for Microsoft Windows 10 x64. More information can be found in the release notes, or contact support if you have any questions.”

That’s good news for many I’m sure.

xCP 2.3 Available

In case you missed the announcement, EMC has released xCP v2.3 with a long list of new features that better leverage the power of the Content Server and strengthen xCP’s core capabilities.  See the announcement for details.

Job Frequency Best Practices

I recently ran across this knowledgebase article and thought I would share it, since it is similar to some research I did back in 2007.  The difference (besides 9 years) is that my article was written for developers, whereas the knowledgebase article addresses production systems.  Obviously a lot has changed in the 9 years between articles.  Read both and determine for yourself which frequency works best in your environments.

Momentum 2016 Hands-On Labs Available

It’s been a while since I’ve posted anything here, so I thought I would pass along the announcement and link to the Momentum 2016 Hands-On Labs.  For those that were unable to attend EMC World 2016 or unable to attend the Hands-On labs due to scheduling, they are provided here.  Enjoy.



Reveille for Free?

In case you missed it, Reveille Software is offering their awesome Documentum and Captiva monitoring platform for free!  The Reveille Starter for EMC provides insight to performance, usage, configuration, compliance, and more.

Customers leverage Reveille to:

  • Get ahead of issues before days are ruined
  • Analyze user performance, activity and peak loads
  • Make better decisions with powerful ECM analytics designed for Captiva and Documentum
  • Get more time for things that matter – less babysitting

I have been a long-time fan of Reveille.  This opportunity will make you a fan too.  Download the Reveille Starter for EMC and get started today!


D2 Config Object Migrator

One of the big changes in D2 v4.6 was a change in the object hierarchy for the D2 config objects.  These objects now inherit from dm_sysobject so they can be protected with ACLs.  For new installs of D2 v4.6 there is no migration necessary; however, to upgrade D2 v4.5, your current configs must be “migrated” to new config object types.  EMC published a whitepaper, Documentum D2 4.6 Config Object Model Change and Migration, detailing this process using their migration tool, D2-Config-Migrator (packaged with D2 v4.6 download), to accomplish the feat.  In all, 71 types are migrated (they are listed in the whitepaper).  Good luck!




ESA for Documentum D2 Configuration Object Vulnerability

EMC has issued ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability.

Prior to EMC Documentum D2 4.6, many D2 Configuration object types were not properly protected with ACLs. As a result, an authenticated but unprivileged user could then modify or delete such objects.

EMC recommends that all customers upgrade to D2 4.6 at the earliest opportunity.

Really… that’s all it says.

UPDATE:  See an explanation of the vulnerability and the fix from Yuri Simione.

D2 v4.6 Available

In case you missed it last week, EMC announced the availability of D2 v4.6.  The most significant enhancement is the D2 REST API.  See the announcement here with more details.

