Vulnerability Description
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Documentum Xplore | 1.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0020.html
- http://secunia.com/advisories/47920Vendor Advisory
- http://securitytracker.com/id?1026639
- http://www.securityfocus.com/bid/51863
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72994
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0020.html
- http://secunia.com/advisories/47920Vendor Advisory
- http://securitytracker.com/id?1026639
- http://www.securityfocus.com/bid/51863
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72994
FAQ
What is CVE-2012-0396?
CVE-2012-0396 is a vulnerability with a CVSS score of 4.0 (MEDIUM). EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or ...
How severe is CVE-2012-0396?
CVE-2012-0396 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0396?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Documentum Xplore.