EMC Documentum D2 < 4.6 Insufficient ACL Remote Object Manipulation (ESA-2016-034)
Medium Nessus Plugin ID 90422
SynopsisThe remote host is affected by a security bypass vulnerability.
DescriptionThe remote host is running a version EMC Documentum D2 that is prior to 4.6. It is, therefore, affected by a security bypass vulnerability due to a failure to set secure access control lists (ACLs) for D2 configuration objects. An authenticated, remote attacker can exploit this to modify or delete D2 objects.
SolutionUpgrade to EMC Documentum D2 version 4.6 later.