Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
References
Link | Resource |
---|---|
http://seclists.org/bugtraq/2015/Jul/9 | Mailing List Third Party Advisory |
http://www.securitytracker.com/id/1032770 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2015-07-04 07:59
Updated : 2016-12-28 08:47
NVD link : CVE-2015-4524
Mitre link : CVE-2015-4524
JSON object : View
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
Products Affected
emc
- documentum_taskspace
- documentum_administrator
- documentum_digital_asset_manager
- documentum_web_publisher
- documentum_webtop