CVE-2015-4530

EMC Documentum Administrator < 7.2 - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.

References (2)

[Mailing List] http://seclists.org/bugtraq/2015/Aug/87

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/76405

Scores

EPSS 0.0012

EPSS Percentile 31.3%

Classification

CWE

CWE-352

Status draft

Affected Products (5)

emc/documentum_administrator < 7.2

emc/documentum_digital_asset_manager < 6.5

emc/documentum_taskspace < 6.7

emc/documentum_web_publisher < 6.5

emc/documentum_webtop < 6.8

Timeline

Published Aug 20, 2015

Tracked Since Feb 18, 2026