CVE-2015-4524

Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
References
Link Resource
http://seclists.org/bugtraq/2015/Jul/9 Mailing List Third Party Advisory
http://www.securitytracker.com/id/1032770 Third Party Advisory VDB Entry
http://seclists.org/bugtraq/2015/Jul/9 Mailing List Third Party Advisory
http://www.securitytracker.com/id/1032770 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*

History

21 Nov 2024, 02:31

Type Values Removed Values Added
References () http://seclists.org/bugtraq/2015/Jul/9 - Mailing List, Third Party Advisory () http://seclists.org/bugtraq/2015/Jul/9 - Mailing List, Third Party Advisory
References () http://www.securitytracker.com/id/1032770 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1032770 - Third Party Advisory, VDB Entry

Information

Published : 2015-07-04 14:59

Updated : 2024-11-21 02:31


NVD link : CVE-2015-4524

Mitre link : CVE-2015-4524

CVE.ORG link : CVE-2015-4524


JSON object : View

Products Affected

emc

  • documentum_administrator
  • documentum_taskspace
  • documentum_web_publisher
  • documentum_webtop
  • documentum_digital_asset_manager
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type