CVE-2015-4537

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-4537
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.

3.5 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://seclists.org/bugtraq/2015/Aug/117
http://www.securitytracker.com/id/1033345
http://seclists.org/bugtraq/2015/Aug/117
http://www.securitytracker.com/id/1033345
Configurations

Configuration 1 (hide)

cpe:2.3:a:emc:documentum_d2:*:*:*:*:*:*:*:*
History

21 Nov 2024, 02:31

Type Values Removed Values Added
References () http://seclists.org/bugtraq/2015/Aug/117 - () http://seclists.org/bugtraq/2015/Aug/117 -
References () http://www.securitytracker.com/id/1033345 - () http://www.securitytracker.com/id/1033345 -
Information

Published : 2015-08-22 18:59

Updated : 2024-11-21 02:31

NVD link : CVE-2015-4537

Mitre link : CVE-2015-4537

CVE.ORG link : CVE-2015-4537

JSON object : View

Products Affected

emc

  • documentum_d2
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024