New Documentum Security Vulnerabilities Announced

On Monday, EMC announced it had identified and corrected two new security vulnerabilities in the Documentum family of products; both are of the Cross-Site Scripting variety.

The first involves eRoom 7.4.4 prior to P11. Here is the announcement: ESA-2013-073: EMC Documentum eRoom Multiple Cross Site Scripting Vulnerabilities.

The second vulnerability affects the 6.7 SP web client products. Specifically:

  • Documentum Webtop prior to 6.7 SP2 P07
  • Documentum WDK prior to 6.7 SP2 P07
  • Documentum Taskspace prior to 6.7 SP2 P07
  • Documentum Records Manager prior to 6.7 SP2 P07
  • Documentum Web Publisher prior to 6.5 SP7
  • Documentum Digital Asset Manager prior to 6.5 SP6
  • Documentum Administrator prior to 6.7 SP2 P07
  • Documentum Capital Projects prior to 1.8 P01

Here is the announcement: ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.

Please read the ESAs for remedy details, but in most cases, applying the noted patches corrects the problems.
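As an added example (not code from this post or from EMC), here is a small Python check that parses Documentum build strings of the form "6.7 SP2 P07" and compares an inventory against the fixed levels listed above. The host names and inventory rows are constructed sample data, and the eRoom entry assumes the fix is scoped to the 7.4.4 line, as the post words it.

```python
"""Flag Documentum installs still below the fixed levels named in
ESA-2013-070 and ESA-2013-073 (thresholds copied from the post)."""
import re
from typing import List, Optional, Tuple

# Fixed build per product, written the way EMC writes versions:
# "<major>.<minor>[.<rev>][ SP<n>][ P<nn>]".
FIXED_VERSIONS = {
    "eRoom": "7.4.4 P11",
    "Webtop": "6.7 SP2 P07",
    "WDK": "6.7 SP2 P07",
    "Taskspace": "6.7 SP2 P07",
    "Records Manager": "6.7 SP2 P07",
    "Web Publisher": "6.5 SP7",
    "Digital Asset Manager": "6.5 SP6",
    "Administrator": "6.7 SP2 P07",
    "Capital Projects": "1.8 P01",
}
# Assumption: "eRoom 7.4.4 prior to P11" covers only the 7.4.4 line.
SAME_RELEASE_ONLY = {"eRoom"}

_VERSION_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)*)(?:\s+SP(\d+))?(?:\s+P(\d+))?\s*$", re.IGNORECASE)

def parse_version(text: str) -> Tuple[Tuple[int, ...], int, int]:
    """'6.7 SP2 P07' -> ((6, 7), 2, 7); a missing SP or P level counts as 0,
    so tuples compare numerically (SP1 P12 is still below SP2 P07)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Documentum version string: {text!r}")
    base = tuple(int(part) for part in m.group(1).split("."))
    return base, int(m.group(2) or 0), int(m.group(3) or 0)

def is_affected(product: str, installed: str) -> Optional[bool]:
    """True if below the fixed level, False if at or after it, None when the
    product (or release line) is not covered by these advisories."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return None
    have, want = parse_version(installed), parse_version(fixed)
    if product in SAME_RELEASE_ONLY and have[0] != want[0]:
        return None
    return have < want

def audit(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) rows that still need the patch."""
    return [row for row in inventory if is_affected(row[1], row[2])]

SAMPLE_INVENTORY = [  # constructed sample data, not real hosts
    ("app01", "Webtop", "6.7 SP2 P05"),          # below P07
    ("app02", "Webtop", "6.7 SP2 P07"),          # at fixed level
    ("app03", "Administrator", "6.7 SP1 P12"),   # SP1 is below SP2
    ("app04", "Web Publisher", "6.5 SP7"),       # at fixed level
    ("collab1", "eRoom", "7.4.4 P10"),           # below P11
    ("app05", "Capital Projects", "1.8"),        # base release, below P01
]
```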


About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.

5 Responses to New Documentum Security Vulnerabilities Announced

  1. Andrey B. Panfilov says:

    Unfortunately, it’s just a drop in the ocean. During the last 6 months I have found about 20 XSRFs and 10 shell injections 😦


  2. Pingback: DFS, Content Server, and eRoom Vulnerabilities | dm_misc: Miscellaneous Documentum Information
