EMC Documentum products including Content Server, D2, and Web Development Kit (WDK) contain multiple vulnerabilities.
EMC Documentum Content Server, D2, and WDK contain numerous vulnerabilities of varying impact. For details, view our spreadsheet. For status from the vendor, please visit https://support.emc.com/docu38558 (requires EMC Online Support credentials). Search by CVE ID and/or ESA ID referenced in the spreadsheet.
The CVSS score below reflects use of backdoor credentials (see VU#184360, VU#695112, and VU#982432 in the spreadsheet).
The severity of impact varies. Specific examples include information disclosure, privilege escalation, authentication bypass, arbitrary code execution, shell command injection, and unauthorized access via backdoor credentials. Worst-case scenarios allow an attacker to take complete control of a vulnerable system.
Apply an update
Thanks to Andrey B. Panfilov for reporting these vulnerabilities.
This document was written by Joel Land.