CVE-2011-2739

EMC Documentum eRoom 7.3.x and 7.4.x < 7.4.3.g - Authenticated Arbitrary Code Execution via File Upload

Title source: llm
STIX 2.1

Description

The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8528
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520372

Scores

EPSS 0.0121
EPSS Percentile 79.2%

Details

CWE
CWE-264
Status published
Products (4)
emc/documentum_eroom 7.3.0
emc/documentum_eroom 7.4.1
emc/documentum_eroom 7.4.2
emc/documentum_eroom 7.4.3
Published Nov 09, 2011
Tracked Since Feb 18, 2026