ID CVE-2016-0888
Summary EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:emc:documentum_d2:4.5
    cpe:2.3:a:emc:documentum_d2:4.5
CVSS
Base: 9.0 (as of 10-01-2017 - 22:11)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Misc.
NASL id EMC_DOCUMENTUM_D2_ESA-2016-034.NASL
description The remote host is running a version EMC Documentum D2 that is prior to 4.6. It is, therefore, affected by a security bypass vulnerability due to a failure to set secure access control lists (ACLs) for D2 configuration objects. An authenticated, remote attacker can exploit this to modify or delete D2 objects.
last seen 2019-02-21
modified 2018-11-15
plugin id 90422
published 2016-04-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=90422
title EMC Documentum D2 < 4.6 Insufficient ACL Remote Object Manipulation (ESA-2016-034)
refmap via4
bugtraq 20160404 ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability
sectrack 1035459
Last major update 10-01-2017 - 23:12
Published 07-04-2016 - 06:59
Back to Top