CVE-2015-4524

EMC Documentum Administrator - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.

References (2)

[Mailing List, Third Party Advisory] http://seclists.org/bugtraq/2015/Jul/9

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032770

Scores

EPSS 0.0090

EPSS Percentile 75.3%

Classification

CWE

CWE-434

Status draft

Affected Products (12)

emc/documentum_administrator

emc/documentum_digital_asset_manager

emc/documentum_taskspace

emc/documentum_web_publisher

emc/documentum_webtop

Timeline

Published Jul 04, 2015

Tracked Since Feb 18, 2026