This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The remote host is running a version EMC Documentum D2 prior to 4.1
P22 / 4.2 P11. It is, therefore, affected by multiple vulnerabilities
- An information disclosure vulnerability exists due to
the D2-API component logging the MD5 hash of the
passphrase used to encrypt sensitive information and
user credentials. A remote, authenticated attacker can
recover the passphrase. (CVE-2015-0517)
- A privilege escalation vulnerability exists due to a
flaw in the D2FS web service component that allows a
remote, authenticated attacker to manipulate group
permissions and obtain superuser privileges.
See also :
Upgrade to EMC Documentum D2 4.1 P22 / 4.2 P11 or later.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.7
Public Exploit Available : false