Vulnerability Description
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Documentum D2 | 3.1 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.htmlBroken Link
- http://www.securityfocus.com/bid/72501Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1031693Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100874
- http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.htmlBroken Link
- http://www.securityfocus.com/bid/72501Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1031693Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100874
FAQ
What is CVE-2015-0517?
CVE-2015-0517 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticate...
How severe is CVE-2015-0517?
CVE-2015-0517 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0517?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Documentum D2.