EMC Documentum D2 Configuration Object Vulnerability (CVE-2016-0888)
EMC Documentum D2 Configuration Object Vulnerability (CVE-2016-0888)
Release date:
Updated on:
Affected Systems:
EMC Documentum D2 <4.6
Description:
CVE (CAN) ID: CVE-2016-0888
EMC Documentum D2 is an advanced, intuitive, configurable, and content-centric Documentum client that accelerates adoption of ECM applications.
In versions earlier than EMC Documentum D2 4.6, ACL is incorrectly used by multiple D2 Configuration object types. Unauthorized authenticated users can exploit this vulnerability to delete or modify such objects.
<* Source: vendor
*>
Suggestion:
Vendor patch:
EMC
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.emc.com/enterprise-content-management/documentum-d2.htm
This article permanently updates the link address: