Description
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032770
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2015/Jul/9
Scores
EPSS
0.0090
EPSS Percentile
75.7%
Details
CWE
CWE-434
Status
published
Products (9)
emc/documentum_administrator
6.7 sp1 (2 CPE variants)
emc/documentum_administrator
7.0
emc/documentum_administrator
7.1
emc/documentum_administrator
7.2
emc/documentum_digital_asset_manager
6.5 sp6
emc/documentum_taskspace
6.7 sp1 (2 CPE variants)
emc/documentum_web_publisher
6.5 sp7
emc/documentum_webtop
6.7 sp1 (2 CPE variants)
emc/documentum_webtop
6.8
Published
Jul 04, 2015
Tracked Since
Feb 18, 2026