Vulnerability Description
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Documentum Administrator | 6.7 |
| Emc | Documentum Digital Asset Manager | 6.5 |
| Emc | Documentum Taskspace | 6.7 |
| Emc | Documentum Web Publisher | 6.5 |
| Emc | Documentum Webtop | 6.7 |
Related Weaknesses (CWE)
References
- http://seclists.org/bugtraq/2015/Jul/9Mailing ListThird Party Advisory
- http://www.securitytracker.com/id/1032770Third Party AdvisoryVDB Entry
- http://seclists.org/bugtraq/2015/Jul/9Mailing ListThird Party Advisory
- http://www.securitytracker.com/id/1032770Third Party AdvisoryVDB Entry
FAQ
What is CVE-2015-4524?
CVE-2015-4524 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18,...
How severe is CVE-2015-4524?
CVE-2015-4524 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4524?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Documentum Administrator, Emc Documentum Digital Asset Manager, Emc Documentum Taskspace, Emc Documentum Web Publisher, Emc Documentum Webtop.