Vulnerability Note VU#315340

EMC Documentum products contain multiple vulnerabilities

Original Release date: 15 Dec 2014 | Last revised: 06 Jan 2017


EMC Documentum products including Content Server, D2, and Web Development Kit (WDK) contain multiple vulnerabilities.


EMC Documentum Content Server, D2, and WDK contain numerous vulnerabilities of varying impact. For details, view our spreadsheet. For status from the vendor, please visit (requires EMC Online Support credentials). Search by CVE ID and/or ESA ID referenced in the spreadsheet.

The CVSS score below reflects use of backdoor credentials (see VU#184360, VU#695112, and VU#982432 in the spreadsheet).


The severity of impact varies. Specific examples include information disclosure, privilege escalation, authentication bypass, arbitrary code execution, shell command injection, and unauthorized access via backdoor credentials. Worst-case scenarios allow an attacker to take complete control of a vulnerable system.


Apply an update

EMC has released updates to address many of the issues in question. For information about specific updates, including discussion about their effectiveness, refer to the spreadsheet.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
EMC CorporationAffected25 Apr 201416 Dec 2014
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 9.0 E:POC/RL:ND/RC:C
Environmental 6.7 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND



Thanks to Andrey B. Panfilov for reporting these vulnerabilities.

This document was written by Joel Land.

Other Information


If you have feedback, comments, or additional information about this vulnerability, please send us email.