Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0517

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2015-0517
Last Modified 20 Feb 2015 10:02:16
Published 14 Feb 2015 10:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2015-0517

Summary

The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.

Vulnerable Systems

Application

  • Emc Documentum D2 3.1

  • Emc Documentum D2 4.0

  • Emc Documentum D2 4.1

  • Emc Documentum D2 4.2


References

BUGTRAQ - 20150204 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities

XF - emc-documentum-cve20150517-info-disc(100874)

SECTRACK - 1031693

BID - 72501


Last Updated: 27 May 2016 11:07:54