Author Archives: Yuri Simione

Content Management repository is a graph – Part I

  In October, I attended the GraphConnect 2014 in San Francisco. GraphConnect is a conference and an event organised by Neo Technology, the company behind Neo4J, one of most important NoSql database. Neo4j is a graph database, a database that … Continue reading

Posted in Analytics, Big data, ECM, Enterprise Search, Frontpage, Technologies | Tagged , , , | Leave a comment

APIs for DUMMIES – eBook review – Apigee special edition

Yesterday I downloaded the APIs for DUMMIES ebook. I really liked this book because it in 2 or 3 hours you can read and learn about best practices of REST api best practices. This is just what we are doing right now … Continue reading

Posted in Consumer, Frontpage, Technologies | Tagged , , , | Leave a comment

ESA-2014-046 – Multiple Content Server vulnerabilities fixed

Another day, another fix: someone can think that Content Server has too much vulnerabilities but for sure during these days EMC is working very hard to make his systems more secure. I appreciate the way EMC is working on vulnerabilities and if … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , | Leave a comment

ESA-2014-024: EMC Documentum Digital Asset Manager DQL Injection Vulnerability

Today EMC announced a security fix to address Blind Documentum Query Language (DQL) Injection vulnerability on Documentum Digital Asset Manager (DAM). The affected versions are: EMC Software: EMC Documentum Digital Asset Manager 6.5 SP3 EMC Software: EMC Documentum Digital Asset Manager 6.5 SP4 … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , , | Leave a comment

ESA-2014-026: vulnerability explained

On January 3, 2014 I discovered a vulnerability related to Documentum Content Server that I communicated to EMC during the same day. On April 11, 2014 EMC published the ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability. One month after that, in this … Continue reading

Posted in Blogroll, ECM, EMC, Frontpage, Next 2U Consulting, Security alert | Tagged , , , | Leave a comment

ESA-2014-045 Documentum D2 Vulnerability

Today EMC released a note related to a vulnerability that affect the Documentum D2 client. The CVE vulnerability identifier is CVE-2014-2504 (score 8.5). The affected products are EMC Documentum D2 3.1 and patch versions EMC Documentum D2 3.1SP1 and patch versions … Continue reading

Posted in EMC, Security alert | Tagged , , | Leave a comment

OpenSSL Heartbleed and Documentum – Update – ESA-2014-037

Today EMC reported on the ESA-2014-037 that the the impact of OpenSSL Heartbleed vulnerability (CVE-2014-0160) on Documentum Content Server is limited to: Fulltext query plugin used by the Content Server to communicate with the xPlore server; CAS plugin, used by the … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , , , | Leave a comment

E’ in edicola Mac magazine 067 – Macworld / iWorld 2014

Nella sezione ULTIMISSIME di Mac magazine 067, in edicola a Maggio 2014, sono pubblicati i primi articoli che ho tratto dalla partecipazione all’evento Macworld/iWorld 2014, a San Francisco dal 27 al 29 Marzo 2014.

Posted in Frontpage | Leave a comment

OpenSSL Heartbleed Vulnerability (CVE-2014-0160) does not affect Documentum systems

OpenSSL Heartbleed Vulnerability (CVE-2014-0160) does not affect Documentum systems because simply these don’t use OpenSSL! Some concerns just about the on premise edition of Syncplicty. Cause Due to a missing bounds check in OpenSSL during the TLS heartbeat extension, up … Continue reading

Posted in EMC, Frontpage, Security alert | Tagged , , | Leave a comment

ESA-2014-023: EMC Documentum JBOSS Remote Code Execution Vulnerability

Today EMC published two security bulletins. The first one, the ESA-2014-026, is a vulnerability I discovered. The second one is related to a standard Jboss vulnerability. Jboss is used for some Documentum component like Documentum Java Method Server and xPlore. Below … Continue reading

Posted in Blogroll, ECM, EMC, Frontpage, Security alert, Technologies, Uncategorized | Tagged , | Leave a comment