DAM DQL ESA

EMC has issued ESA-2014-024: EMC Documentum Digital Asset Manager DQL Injection Vulnerability. 

The DAM thumbnail proxy server allows unauthenticated users to query objects using a vulnerable URL query string parameter. An attacker could use this parameter to conduct blind DQL injection attacks and infer or modify the database contents.
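For systems still awaiting the fix, web access logs can be checked for DQL syntax in requests to the thumbnail proxy. The following is an added example, not code from EMC or from the advisory; the path prefix `/thumbnail-proxy/`, the parameter name `id`, the combined log format and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: path prefix of the thumbnail proxy in your deployment (hypothetical value).
PROXY_PREFIX = "/thumbnail-proxy/"

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Quotes, comment markers and DQL statement keywords are not expected in a thumbnail lookup.
DQL_TOKENS = re.compile(
    r"['\";]|--|/\*|\b(?:select|union|update|delete|insert|create|alter|drop)\b",
    re.IGNORECASE,
)

def suspicious_params(target):
    """Return [(name, decoded_value)] for query parameters containing DQL syntax."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote(value)  # second pass catches double-encoded input (%2527)
        if DQL_TOKENS.search(decoded):
            hits.append((name, decoded))
    return hits

def triage(log_lines):
    """Map client address -> flagged parameters seen in requests to the proxy."""
    by_client = defaultdict(list)
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        if urlsplit(target).path.startswith(PROXY_PREFIX):
            by_client[client].extend(suspicious_params(target))
    return {c: h for c, h in by_client.items() if h}

# Constructed sample lines (combined log format); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Apr/2014:09:00:01 +0000] "GET /thumbnail-proxy/get?id=0900000180001234&format=jpeg HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Apr/2014:09:00:05 +0000] "GET /thumbnail-proxy/get?id=0900000180001234%27 HTTP/1.1" 500 0',
    '203.0.113.7 - - [01/Apr/2014:09:00:06 +0000] "GET /thumbnail-proxy/get?id=0900000180001234%2527 HTTP/1.1" 500 0',
    '198.51.100.4 - - [01/Apr/2014:09:00:09 +0000] "GET /search?q=o%27brien HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for client, hits in triage(SAMPLE_LOG).items():
        print(client, len(hits), hits)
```

Because blind injection relies on many requests that vary a single parameter, a client with a large number of flagged hits deserves a closer look than one with a single stray quote.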

Affected products are:

  • Documentum Digital Asset Manager 6.5 SP3
  • Documentum Digital Asset Manager 6.5 SP4
  • Documentum Digital Asset Manager 6.5 SP5
  • Documentum Digital Asset Manager 6.5 SP6

A hotfix is available for DAM 6.5 SP3 – SP5. A patch is available for DAM 6.5 SP6.
The hotfix for DAM 6.5 SP3 – SP5 can be downloaded from:

The patch, DAM 6.5 SP6 P13, can be downloaded from:


About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.
