Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Documentum Administrator | <= 7.2 |
| Emc | Documentum Digital Asset Manager | <= 6.5 |
| Emc | Documentum Taskspace | <= 6.7 |
| Emc | Documentum Web Publisher | <= 6.5 |
| Emc | Documentum Webtop | <= 6.8 |
Related Weaknesses (CWE)
References
- http://seclists.org/bugtraq/2015/Aug/87
- http://www.securityfocus.com/bid/76405
- http://seclists.org/bugtraq/2015/Aug/87
- http://www.securityfocus.com/bid/76405
FAQ
What is CVE-2015-4530?
CVE-2015-4530 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publisher...
How severe is CVE-2015-4530?
CVE-2015-4530 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4530?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Documentum Administrator, Emc Documentum Digital Asset Manager, Emc Documentum Taskspace, Emc Documentum Web Publisher, Emc Documentum Webtop.