CVE-2015-0517

2015-02-1415:59:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

0.002

Percentile

54.2%

JSON

The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.

Affected configurations

Nvd

Node

emcdocumentum_d2Match3.1-

emcdocumentum_d2Match3.1sp1

emcdocumentum_d2Match4.0

emcdocumentum_d2Match4.1

emcdocumentum_d2Match4.2

VendorProductVersionCPE
emcdocumentum_d23.1cpe:2.3:a:emc:documentum_d2:3.1:-:*:*:*:*:*:*
emcdocumentum_d23.1cpe:2.3:a:emc:documentum_d2:3.1:sp1:*:*:*:*:*:*
emcdocumentum_d24.0cpe:2.3:a:emc:documentum_d2:4.0:*:*:*:*:*:*:*
emcdocumentum_d24.1cpe:2.3:a:emc:documentum_d2:4.1:*:*:*:*:*:*:*
emcdocumentum_d24.2cpe:2.3:a:emc:documentum_d2:4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	documentum_d2	3.1	cpe:2.3:a:emc:documentum_d2:3.1:-::::::
emc	documentum_d2	3.1	cpe:2.3:a:emc:documentum_d2:3.1:sp1::::::
emc	documentum_d2	4.0	cpe:2.3:a:emc:documentum_d2:4.0:::::::*
emc	documentum_d2	4.1	cpe:2.3:a:emc:documentum_d2:4.1:::::::*
emc	documentum_d2	4.2	cpe:2.3:a:emc:documentum_d2:4.2:::::::*