EMC Documentum Content Server Information Disclosure (ESA-2015-131)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an information disclosure
vulnerability.

Description :

The version of EMC Documentum Content Server running on the remote
host is affected an information disclosure vulnerability due to
passwords being stored as plaintext in log files for users with
inline authentication. An authenticated, remote attacker with access
to the log files can exploit this to login using the password of a
different user. Note that this issue is present only when RPC tracing
is enabled.

See also :

http://seclists.org/bugtraq/2015/Aug/att-86/ESA-2015-131.txt

Solution :

Apply the relevant patch referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 85545 ()

Bugtraq ID: 76412

CVE ID: CVE-2015-4536

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now