EMC Documentum D2 information leakage (CVE-2015-4537)
EMC Documentum D2 information leakage (CVE-2015-4537)
Release date:
Updated on:
Affected Systems:
EMC Documentum d2. <= 4.2
Description:
CVE (CAN) ID: CVE-2015-4537
EMC Documentum D2 is an advanced, intuitive, configurable, and content-centric Documentum client that accelerates adoption of ECM applications.
In EMC Documentum D2 4.2 and earlier versions, the Lockbox component saves the password in the encrypted file. Deleting the file D2.Lockbox from the Documentum Content Server and the application Server will cause Documentum D2 to use a hard-coded password decryption Management Certificate. Attackers can exploit this vulnerability to obtain the password and Management Certificate.
<* Source: EMC
Link: http://www.securityfocus.com/archive/1/536278
*>
Suggestion:
Vendor patch:
EMC
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.emc.com/enterprise-content-management/documentum-d2.htm
This article permanently updates the link address: