D2 and D2FS DQL Vulnerability

EMC just announced a vulnerability and patch to correct a security issue in D2.  ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability states that unpatched versions of D2 and D2FS can allow authenticated user to execute arbitrary DQL queries with superuser privileges.

Affected versions of D2 and D2FS are:

  • D2 3.1 and patched versions
  • D2 3.1SP1 and patched versions
  • D2 4.0 and patched versions
  • D2 4.1 and patched versions
  • D2 4.2 and patched versions

The resolution is to upgrade to the following versions:

  • D2 3.1 P20
  • D2 3.1SP1 P02
  • D2 4.0 P10
  • D2 4.1 P13
  • D2 4.2 P01

About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: