eRoom 7.3 and later – arbitrary file upload vulnerability


Are you still using glorious EMC eRoom? Your system could need a little upgrade. This week the EMC Product Security Response Center published a bulletin related to an eRoom vulnerability. More info below:

ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability.

  • Affected products: EMC SW: EMC Documentum eRoom 7.3 and later
  • Vulnerability Summary: EMC Documentum eRoom contains a possible vulnerability which can be potentially exploited to upload arbitrary files to the system.
  • Vulnerability Details: File-blocking feature introduced in EMC Documentum eRoom 7.3 allows site administrators to employ a security control to block certain file types from being uploaded or opened in eRoom on a site-wide basis. A flaw in validation may allow an authenticated user to bypass this security control and upload arbitrary files to eRoom.
  • Resolution: The following EMC Documentum eRoom products contain resolution to this issue: EMC Documentum eRoom 7.4.3.g

Have you scheduled an eRoom migration to EMC Centerstage, Cisco Quad or Box.net? Please leave a reply!
