ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability.

This week EMC published a new security advisory. This time the advisory is related to Documentum xPlore.

Affected products:

  • EMC Documentum xPlore 1.0 (all patch versions)
  • EMC Documentum xPlore 1.1 (all patch versions prior to 1.1 P07)
  • EMC Documentum xPlore 1.2 (all patch versions)

As reported in the advisory:

EMC Documentum xPlore contains an information disclosure vulnerability that may allow unauthorized users, under certain circumstances, to see certain information on protected objects in an xPlore search result. They will not, however, be allowed to view the objects themselves, or any associated content.

Under specific circumstances, an authenticated user who does not have BROWSE permission on the object may be able to see the existence of or certain metadata on that object in a search result. However, the user will not be able to open the object or to look at property details for the object.

Resolution: The following EMC Documentum xPlore products contain resolutions to this issue:

  • EMC Documentum xPlore xPlore 1.1 P07
  • EMC Documentum xPlore 1.2 Hotfix for SRCH-7949

EMC strongly recommends all customers upgrade or install identified patches at the earliest opportunity. Documentum xPlore 1.1 patches can be found under the Documentum Content Server 6.7 directory.

 

This entry was posted in ECM, EMC, Enterprise Search, Security alert and tagged . Bookmark the permalink.

Leave a Reply