Category Archives: ECM

Why exposing administrative interfaces is a bad idea — Via Documentum in a (nuts)HELL

After Alvaro’s blogpost I wanted to write something like: “Hey, you have missed something: you can create c6_method_return object, execute D2GetAdminTicketMethod, get encrypted admin’s ticket and use it as a password  […] via Why exposing administrative interfaces is a bad … Continue reading

Posted in ECM, Frontpage, OpenText, Uncategorized | Leave a comment

D2-Config DQL Editor — Via Alvaro de Andres’ Blog

D2-Config (at least in D2 4.5) has a servlet (/GetData) that is used internally to run DQLs. I though when I saw it that, in the same way the REST query service is limited to run read queries, this won’t … Continue reading

Posted in ECM, Frontpage, OpenText, Uncategorized | Tagged | Leave a comment

EMC Documentum 7.2 migration and Murphy’s laws

This month I completed a Documentum 7.2 migration of an existing Documentum 6.7 architecture. As in every Documentum project, I learned a lot. The first thing is that you can work hard in order to manage all possible risks but you will not … Continue reading

Posted in ECM, EMC, Frontpage, Next 2U Consulting | Tagged , , , , , , , , , | Leave a comment

EMC Documentum D2 Vulnerability explained

Last Thrursday EMC released the ESA-2016-034 security bulletin. This is related to a Documentum D2 vulnerability (CVE-2016-0888). As reported in the bulletin by EMC: Prior to EMC Documentum D2 4.6, many D2 Configuration object types were not properly protected with … Continue reading

Posted in ECM, EMC, Frontpage, Next 2U Consulting, Security alert | Tagged , , | Leave a comment

Adobe AEM & Digital Marketing Cloud conferences

The interest on Adobe AEM & Digital Marketing Cloud is growing day by day. That is confirmed by the job posts, by the projects released and shared on GitHub (for example, the fantastic projects released by the Adobe Consulting Services) or to not … Continue reading

Posted in Adobe, Consumer, ECM, Events, Social Networking & Collaboration, WCM | Tagged , , , , , | Leave a comment

Content Management repository is a graph – Part I

  In October, I attended the GraphConnect 2014 in San Francisco. GraphConnect is a conference and an event organised by Neo Technology, the company behind Neo4J, one of most important NoSql database. Neo4j is a graph database, a database that … Continue reading

Posted in Analytics, Big data, ECM, Enterprise Search, Frontpage, Technologies | Tagged , , , | Leave a comment

ESA-2014-046 – Multiple Content Server vulnerabilities fixed

Another day, another fix: someone can think that Content Server has too much vulnerabilities but for sure during these days EMC is working very hard to make his systems more secure. I appreciate the way EMC is working on vulnerabilities and if … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , | Leave a comment

ESA-2014-024: EMC Documentum Digital Asset Manager DQL Injection Vulnerability

Today EMC announced a security fix to address Blind Documentum Query Language (DQL) Injection vulnerability on Documentum Digital Asset Manager (DAM). The affected versions are: EMC Software: EMC Documentum Digital Asset Manager 6.5 SP3 EMC Software: EMC Documentum Digital Asset Manager 6.5 SP4 … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , , | Leave a comment

ESA-2014-026: vulnerability explained

On January 3, 2014 I discovered a vulnerability related to Documentum Content Server that I communicated to EMC during the same day. On April 11, 2014 EMC published the ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability. One month after that, in this … Continue reading

Posted in Blogroll, ECM, EMC, Frontpage, Next 2U Consulting, Security alert | Tagged , , , | Leave a comment

OpenSSL Heartbleed and Documentum – Update – ESA-2014-037

Today EMC reported on the ESA-2014-037 that the the impact of OpenSSL Heartbleed vulnerability (CVE-2014-0160) on Documentum Content Server is limited to: Fulltext query plugin used by the Content Server to communicate with the xPlore server; CAS plugin, used by the … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , , , | Leave a comment