Latest Documentum ESAs

EMC released ESA-2015-130 and ESA-2015-131 this week describing new vulnerabilities discovered in Webtop and Content Server, respectively.

  • ESA-2015-130 describes a Cross-Site Request Forgery (CSRF) vulnerability in Webtop 6.8 (and Webtop-based apps like DA 7.2) in which an attacker may trick authenticated users into clicking links embedded in an email, web page, or another source, and thereby perform Docbase operations with that user’s privileges. This is apparently the second time this has been fixed, as the previous fix was incomplete.
  • ESA-2015-131 describes several very interesting privilege escalations and information leaks in the Content Server. Read the ESA for the details. Content Server versions 6.7 SP1 – 7.2 are affected.

The remedies for all of these vulnerabilities are contained in the latest patch releases for Webtop, DA, and Content Server.


About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.

2 Responses to Latest Documentum ESAs

  1. David L. says:

    Is Records 6.7 SP3 still a supported client? It never gets mentioned in these ESAs, and yet it’s built on WDK…
