CVE-2015-0517
EMC Documentum D2 Information Disclosure / Privilege Escalation
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
El componente D2-API en EMC Documentum D2 3.1 hasta SP1, 4.0 y 4.1 anterior a 4.1 P22, y 4.2 anterior a P11 coloca el hash MD5 una frase de contraseƱa de cifrado en ficheros de registros, lo que permite a usuarios remotos autenticados obtener informaciĆ³n sensible mediante la lectura de un fichero.
EMC Documentum D2 suffers from sensitive information disclosure and privilege escalation vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-12-17 CVE Reserved
- 2015-02-04 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2015-02/0031.html | Broken Link | |
| http://www.securityfocus.com/bid/72501 | Third Party Advisory | |
| http://www.securitytracker.com/id/1031693 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100874 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Documentum D2 Search vendor "Emc" for product "Documentum D2" | 3.1 Search vendor "Emc" for product "Documentum D2" and version "3.1" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Documentum D2 Search vendor "Emc" for product "Documentum D2" | 3.1 Search vendor "Emc" for product "Documentum D2" and version "3.1" | sp1 |
Affected
| ||||||
| Emc Search vendor "Emc" | Documentum D2 Search vendor "Emc" for product "Documentum D2" | 4.0 Search vendor "Emc" for product "Documentum D2" and version "4.0" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Documentum D2 Search vendor "Emc" for product "Documentum D2" | 4.1 Search vendor "Emc" for product "Documentum D2" and version "4.1" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Documentum D2 Search vendor "Emc" for product "Documentum D2" | 4.2 Search vendor "Emc" for product "Documentum D2" and version "4.2" | - |
Affected
| ||||||