Category Archives: Vendors

EMC Documentum D2 Vulnerability explained

Last Thrursday EMC released the ESA-2016-034 security bulletin. This is related to a Documentum D2 vulnerability (CVE-2016-0888). As reported in the bulletin by EMC: Prior to EMC Documentum D2 4.6, many D2 Configuration object types were not properly protected with … Continue reading

Posted in ECM, EMC, Frontpage, Next 2U Consulting, Security alert | Tagged , , | Leave a comment

Adobe AEM & Digital Marketing Cloud conferences

The interest on Adobe AEM & Digital Marketing Cloud is growing day by day. That is confirmed by the job posts, by the projects released and shared on GitHub (for example, the fantastic projects released by the Adobe Consulting Services) or to not … Continue reading

Posted in Adobe, Consumer, ECM, Events, Social Networking & Collaboration, WCM | Tagged , , , , , | Leave a comment

QR Code generator component for Adobe AEM / CQ5

I like so much Adobe AEM: it is very easy to customize this product and make our customers happier. Moreover, Adobe AEM is based on a wonderful stack: it is easier to work on a state of art technology: Apache Jackrabbit … Continue reading

Posted in Adobe, WCM | Tagged , , , , , , , | Leave a comment

ESA-2014-046 – Multiple Content Server vulnerabilities fixed

Another day, another fix: someone can think that Content Server has too much vulnerabilities but for sure during these days EMC is working very hard to make his systems more secure. I appreciate the way EMC is working on vulnerabilities and if … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , | Leave a comment

ESA-2014-024: EMC Documentum Digital Asset Manager DQL Injection Vulnerability

Today EMC announced a security fix to address Blind Documentum Query Language (DQL) Injection vulnerability on Documentum Digital Asset Manager (DAM). The affected versions are: EMC Software: EMC Documentum Digital Asset Manager 6.5 SP3 EMC Software: EMC Documentum Digital Asset Manager 6.5 SP4 … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , , | Leave a comment

ESA-2014-026: vulnerability explained

On January 3, 2014 I discovered a vulnerability related to Documentum Content Server that I communicated to EMC during the same day. On April 11, 2014 EMC published the ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability. One month after that, in this … Continue reading

Posted in Blogroll, ECM, EMC, Frontpage, Next 2U Consulting, Security alert | Tagged , , , | Leave a comment

ESA-2014-045 Documentum D2 Vulnerability

Today EMC released a note related to a vulnerability that affect the Documentum D2 client. The CVE vulnerability identifier is CVE-2014-2504 (score 8.5). The affected products are EMC Documentum D2 3.1 and patch versions EMC Documentum D2 3.1SP1 and patch versions … Continue reading

Posted in EMC, Security alert | Tagged , , | Leave a comment

OpenSSL Heartbleed and Documentum – Update – ESA-2014-037

Today EMC reported on the ESA-2014-037 that the the impact of OpenSSL Heartbleed vulnerability (CVE-2014-0160) on Documentum Content Server is limited to: Fulltext query plugin used by the Content Server to communicate with the xPlore server; CAS plugin, used by the … Continue reading

Posted in ECM, EMC, Frontpage, Security alert | Tagged , , , | Leave a comment

OpenSSL Heartbleed Vulnerability (CVE-2014-0160) does not affect Documentum systems

OpenSSL Heartbleed Vulnerability (CVE-2014-0160) does not affect Documentum systems because simply these don’t use OpenSSL! Some concerns just about the on premise edition of Syncplicty. Cause Due to a missing bounds check in OpenSSL during the TLS heartbeat extension, up … Continue reading

Posted in EMC, Frontpage, Security alert | Tagged , , | Leave a comment

ESA-2014-023: EMC Documentum JBOSS Remote Code Execution Vulnerability

Today EMC published two security bulletins. The first one, the ESA-2014-026, is a vulnerability I discovered. The second one is related to a standard Jboss vulnerability. Jboss is used for some Documentum component like Documentum Java Method Server and xPlore. Below … Continue reading

Posted in Blogroll, ECM, EMC, Frontpage, Security alert, Technologies, Uncategorized | Tagged , | Leave a comment