New Documentum Security Vulnerabilities Announced

On Monday, EMC announced it had identified and corrected two new security vulnerabilities in the Documentum family of products; both are of the Cross-Site Scripting variety.

The first involves eRoom 7.4.4 prior to P11. Here is the announcement: ESA-2013-073: EMC Documentum eRoom Multiple Cross Site Scripting Vulnerabilities.

The second vulnerability affects the 6.7 SP web client products.  Specifically:

  • Documentum Webtop prior to 6.7 SP2 P07
  • Documentum WDK prior to 6.7 SP2 P07
  • Documentum Taskspace prior to 6.7 SP2 P07
  • Documentum Records Manager prior to 6.7 SP2 P07
  • Documentum Web Publisher prior to 6.5 SP7
  • Documentum Digital Asset Manager prior to 6.5 SP6
  • Documentum Administrator prior to 6.7 SP2 P07
  • Documentum Capital Projects prior to 1.8 P01

Here is the announcement: ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.

Please read the ESAs for remedy details, but in most cases, applying the noted patches corrects the problems.

5 Responses to New Documentum Security Vulnerabilities Announced

  1. Andrey B. Panfilov says:

    Unfortunately, it’s just a drop in the ocean. During the last 6 months I have found about 20 XSRFs and 10 shell injections 😦

  2. Pingback: DFS, Content Server, and eRoom Vulnerabilities | dm_misc: Miscellaneous Documentum Information
