CVE-2015-0517

EMC Documentum D2 3.1-SP1, 4.0-4.1 P21, 4.2 P10 - Authenticated Sensitive Information Exposure via D2-API Log Files

Title source: llm

Description

The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/100874

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031693

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/72501

Broken Link mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html

Scores

EPSS 0.0022

EPSS Percentile 44.0%

Details

CWE

CWE-200

Status published

Products (4)

emc/documentum_d2 3.1 (2 CPE variants)

emc/documentum_d2 4.0

emc/documentum_d2 4.1

emc/documentum_d2 4.2

Published Feb 14, 2015

Tracked Since Feb 18, 2026