EMC Documentum D2 < 4.6 Insufficient ACL Remote Object Manipulation (ESA-2016-034)

Medium Nessus Plugin ID 90422


The remote host is affected by a security bypass vulnerability.


The remote host is running a version EMC Documentum D2 that is prior to 4.6. It is, therefore, affected by a security bypass vulnerability due to a failure to set secure access control lists (ACLs) for D2 configuration objects. An authenticated, remote attacker can exploit this to modify or delete D2 objects.


Upgrade to EMC Documentum D2 version 4.6 later.

See Also


Plugin Details

Severity: Medium

ID: 90422

File Name: emc_documentum_d2_ESA-2016-034.nasl

Version: $Revision: 1.4 $

Type: remote

Family: Misc.

Published: 2016/04/08

Modified: 2016/09/26

Dependencies: 77303

Risk Information

Risk Factor: Medium


Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:emc:documentum_d2

Required KB Items: installed_sw/EMC Documentum D2

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/03/29

Vulnerability Publication Date: 2016/03/29

Reference Information

CVE: CVE-2016-0888

BID: 85808

OSVDB: 136419