CVE-2015-4537
EMC Documentum D2 < 4.4 - Authenticated Exposure of Sensitive Information via Hardcoded Lockbox Passphrase
Title source: llmDescription
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2015/Aug/117
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033345
Scores
EPSS
0.0018
EPSS Percentile
38.7%
Details
CWE
CWE-200
Status
published
Products (1)
emc/documentum_d2
< 4.4
Published
Aug 22, 2015
Tracked Since
Feb 18, 2026