Another D2 ESA

Short and sweet: This vulnerability lets a remote, unauthenticated user download any document from the Docbase knowing only that document's r_object_id.

Resolution: Upgrade to D2 v4.5 patch 15, or D2 v4.6 patch 03.

Here is the link: ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability

 


About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.
