DFS Vulnerability Announced (and Fixed)

EMC issued ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability last night. This is not related to the Heartbleed bug. The problem is that the DFS server is vulnerable to malicious attacks that may allow access to content on the DFS file system. This is due to the way the DFS web service is used to upload content.

The affected products and versions are:

  • Documentum Foundation Services (DFS) 6.5, 6.6, 6.7, 7.0, 7.1 with all service packs and patches
  • My Documentum for Desktop 6.7.2 with all service packs and patches
  • My Documentum for Microsoft Outlook 6.7 SP1, 6.7 SP2, 6.7.1 with all patches
  • CenterStage 1.0, 1.1, 1.2, 1.2 SP1 (with all patches), 1.2 SP2 P01 and P02

The remedy, of course, is to upgrade to the latest patched releases. Note that unsupported product versions (DFS 6.5, 6.6, CenterStage 1.0, 1.1) are not directly patched. These products will require true upgrades. The patched releases are:

  • DFS 6.7 SP1 P22
  • DFS 6.7 SP2 P08
  • DFS 7.0 P12
  • DFS 7.1 P01 and later versions
  • My Documentum for Desktop 6.7.2 P11
  • My Documentum for Microsoft Outlook 6.7 SP2 P09
  • My Documentum for Microsoft Outlook 6.7.1 P22
  • My Documentum for Microsoft Outlook 6.7 SP1-Hotfix
  • CenterStage 1.2 SP2 P03

The ESA contains links directly to each product’s patch. See the ESA for more details.

About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.
