[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability

To: "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>, "dm@xxxxxxxxxxxxxxxxx" <dm@xxxxxxxxxxxxxxxxx>
Subject: ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability
From: Security Alert <Security_Alert@xxxxxxx>
Date: Wed, 5 Feb 2014 12:20:24 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access 
Vulnerability

EMC Identifier: ESA-2014-005

CVE Identifier: CVE-2014-0622 

Severity Rating: CVSS v2 Base Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected products:  
?       EMC DFS 6.5, 6.6, 6.7, 7.0 and 7.1 with all their service packs and 
patch versions.

Summary:  
EMC DFS may be vulnerable to content access vulnerability. 

Details:  
The DFS server may be vulnerable to malicious attacks that may allow access to 
content on the DFS file system. This is due to the way the DFS web service is 
used to upload content.

Resolution:  
If customers have DFS based web services exposed to external consumers, EMC 
strongly recommends all customers upgrade to the fixed versions at the earliest 
opportunity.

The following products contain the resolution to this issue:
?       EMC DFS 6.7 SP1 P22, 6.7 SP2 P08, 7.0 P12, 7.1 P01 and later versions.

Link to remedies:
Registered EMC Online Support customers can download software from 
support.emc.com by navigating to https://emc.subscribenet.com. 


For an explanation of Severity Ratings, refer to EMC Knowledgebase solution 
emc218831. EMC recommends all customers take into account both the base score 
and any relevant temporal and environmental scores which may impact the 
potential severity associated with particular security vulnerability.

EMC Corporation distributes EMC Security Advisories, in order to bring to the 
attention of users of the affected EMC products, important security 
information. EMC recommends that all users determine the applicability of this 
information to their individual situations and take appropriate action. The 
information set forth herein is provided "as is" without warranty of any kind. 
EMC disclaims all warranties, either express or implied, including the 
warranties of merchantability, fitness for a particular purpose, title and 
non-infringement. In no event, shall EMC or its suppliers, be liable for any 
damages whatsoever including direct, indirect, incidental, consequential, loss 
of business profits or special damages, even if EMC or its suppliers have been 
advised of the possibility of such damages. Some states do not allow the 
exclusion or limitation of liability for consequential or incidental damages, 
so the foregoing limitation may not apply. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Cygwin)

iEYEARECAAYFAlLyKw8ACgkQtjd2rKp+ALwwqACgmerQzv480x/XIoLopBNHIT5T
/X8AoNIHB63xM+YykP4j7ly6lM0Zfbdd
=dzvt
-----END PGP SIGNATURE-----

Prev by Date: Security Advisory: NETGEAR Router D6300B Firmware: V1.0.0.14_1.0.14
Next by Date: Multiple SQL Injection Vulnerabilities in AuraCMS
Previous by thread: Security Advisory: NETGEAR Router D6300B Firmware: V1.0.0.14_1.0.14
Next by thread: Multiple SQL Injection Vulnerabilities in AuraCMS
Index(es):
- Date
- Thread