CVE-2015-4524

04.07.2015, 14:59

Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:S/C:P/I:P/A:P
dell	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Vendor	Product	Version
emc	documentum_administrator	6.7:sp1
emc	documentum_administrator	6.7:sp2
emc	documentum_administrator	7.0
emc	documentum_administrator	7.1
emc	documentum_administrator	7.2
emc	documentum_digital_asset_manager	6.5:sp6
emc	documentum_taskspace	6.7:sp1
emc	documentum_taskspace	6.7:sp2
emc	documentum_web_publisher	6.5:sp7
emc	documentum_webtop	6.7:sp1
emc	documentum_webtop	6.7:sp2
emc	documentum_webtop	6.8

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

References

http://seclists.org/bugtraq/2015/Jul/9

http://www.securitytracker.com/id/1032770

http://seclists.org/bugtraq/2015/Jul/9

http://www.securitytracker.com/id/1032770