Latest Documentum ESAs

EMC released ESA-2015-130 and ESA-2015-131 this week describing new vulnerabilities discovered in Webtop and Content Server, respectively.

  • ESA-2015-130 describes a Cross-Site Request Forgery (CSRF) vulnerability in Webtop 6.8 (and Webtop-based apps like DA 7.2) where an attacker may trick authenticated users into clicking links embedded within an email, web page, or another source, and thereby perform Docbase operations with that user’s privileges. This is apparently the second time this has been fixed, as the previous fix was incomplete.
  • ESA-2015-131 describes several very interesting privilege escalations and information leaks in the Content Server. Read the ESA for the details. Content Server versions 6.7 SP1 – 7.2 are affected.

The remedies for all of these vulnerabilities are contained in the latest patch releases for Webtop, DA, and Content Server.

2 Responses to Latest Documentum ESAs

  1. David L. says:

    Is Records 6.7 SP3 still a supported client? It never gets mentioned in these ESAs, and yet it’s built on WDK…

