Pablo Gaston Milano has reported a vulnerability in Documentum Administrator and Documentum Webtop, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an error in the "dmclTrace.jsp" script when writing to files. This can be exploited, for example, to place a malicious script on the web server by writing malicious content to an arbitrary file.
The vulnerability is reported in Documentum Administrator 188.8.131.523 and Documentum Webtop 184.108.40.2067. Other versions may also be affected.
Solution: The vendor has reportedly fixed the vulnerability in SP4 and later.
Provided and/or discovered by: Pablo Gaston Milano, CYBSEC S.A.
Original Advisory: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf