EMC Documentum D2 < 4.1 P22 / 4.2 P11 Multiple Vulnerabilities (ESA-2015-010)
Medium Nessus Plugin ID 81342
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote host is running a version of EMC Documentum D2 prior to 4.1 P22 / 4.2 P11. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists due to the D2-API component logging the MD5 hash of the passphrase used to encrypt sensitive information and user credentials. A remote, authenticated attacker can recover the passphrase. (CVE-2015-0517)
- A privilege escalation vulnerability exists due to a flaw in the D2FS web service component that allows a remote, authenticated attacker to manipulate group permissions and obtain superuser privileges.
Solution
Upgrade to EMC Documentum D2 4.1 P22 / 4.2 P11 or later.