Category Archives: EMC

EMC Documentum 7.2 migration and Murphy’s laws

This month I completed a Documentum 7.2 migration of an existing Documentum 6.7 architecture. As in every Documentum project, I learned a lot. The first thing is that you can work hard in order to manage all possible risks but you will not … Continue reading

Posted in ECM, EMC, Frontpage, Next 2U Consulting | Tagged , , , , , , , , , | Leave a comment

EMC Documentum D2 Vulnerability explained

Last Thrursday EMC released the ESA-2016-034 security bulletin. This is related to a Documentum D2 vulnerability (CVE-2016-0888). As reported in the bulletin by EMC: Prior to EMC Documentum D2 4.6, many D2 Configuration object types were not properly protected with … Continue reading

Posted in ECM, EMC, Frontpage, Next 2U Consulting, Security alert | Tagged , , | Leave a comment

ESA-2014-046 – Multiple Content Server vulnerabilities fixed

Another day, another fix: someone can think that Content Server has too much vulnerabilities but for sure during these days EMC is working very hard to make his systems more secure. I appreciate the way EMC is working on vulnerabilities and if … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , | Leave a comment

ESA-2014-024: EMC Documentum Digital Asset Manager DQL Injection Vulnerability

Today EMC announced a security fix to address Blind Documentum Query Language (DQL) Injection vulnerability on Documentum Digital Asset Manager (DAM). The affected versions are: EMC Software: EMC Documentum Digital Asset Manager 6.5 SP3 EMC Software: EMC Documentum Digital Asset Manager 6.5 SP4 … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , , | Leave a comment

ESA-2014-026: vulnerability explained

On January 3, 2014 I discovered a vulnerability related to Documentum Content Server that I communicated to EMC during the same day. On April 11, 2014 EMC published the ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability. One month after that, in this … Continue reading

Posted in Blogroll, ECM, EMC, Frontpage, Next 2U Consulting, Security alert | Tagged , , , | Leave a comment

ESA-2014-045 Documentum D2 Vulnerability

Today EMC released a note related to a vulnerability that affect the Documentum D2 client. The CVE vulnerability identifier is CVE-2014-2504 (score 8.5). The affected products are EMC Documentum D2 3.1 and patch versions EMC Documentum D2 3.1SP1 and patch versions … Continue reading

Posted in EMC, Security alert | Tagged , , | Leave a comment

OpenSSL Heartbleed and Documentum – Update – ESA-2014-037

Today EMC reported on the ESA-2014-037 that the the impact of OpenSSL Heartbleed vulnerability (CVE-2014-0160) on Documentum Content Server is limited to: Fulltext query plugin used by the Content Server to communicate with the xPlore server; CAS plugin, used by the … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , , , | Leave a comment

OpenSSL Heartbleed Vulnerability (CVE-2014-0160) does not affect Documentum systems

OpenSSL Heartbleed Vulnerability (CVE-2014-0160) does not affect Documentum systems because simply these don’t use OpenSSL! Some concerns just about the on premise edition of Syncplicty. Cause Due to a missing bounds check in OpenSSL during the TLS heartbeat extension, up … Continue reading

Posted in EMC, Frontpage, Security alert | Tagged , , | Leave a comment

ESA-2014-023: EMC Documentum JBOSS Remote Code Execution Vulnerability

Today EMC published two security bulletins. The first one, the ESA-2014-026, is a vulnerability I discovered. The second one is related to a standard Jboss vulnerability. Jboss is used for some Documentum component like Documentum Java Method Server and xPlore. Below … Continue reading

Posted in Blogroll, ECM, EMC, Frontpage, Security alert, Technologies, Uncategorized | Tagged , | Leave a comment

ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability

This January I discovered a security issue that affects some EMC Documentum Content Server engines. EMC resolved this issue and just today released the security bulletin Esa-2014-26. This is the second credit I received from EMC after the one published … Continue reading

Posted in Blogroll, ECM, EMC, Frontpage, Next 2U Consulting, Security alert, Technologies | Tagged , | Leave a comment