CVE-2015-4524

Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
References
Link Resource
http://seclists.org/bugtraq/2015/Jul/9 Mailing List Third Party Advisory
http://www.securitytracker.com/id/1032770 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_administrator:6.7:sp2:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp6:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_taskspace:6.7:sp2:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_web_publisher:6.5:sp7:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_webtop:6.7:sp2:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-07-04 14:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-4524

Mitre link : CVE-2015-4524

CVE.ORG link : CVE-2015-4524


JSON object : View

Products Affected

emc

  • documentum_administrator
  • documentum_taskspace
  • documentum_digital_asset_manager
  • documentum_web_publisher
  • documentum_webtop
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type