EUVD-2015-4554

Malware in sbrugna...

ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2015-131 CVE Identifier: CVE-2015-4531, CVE-2015-4532, CVE-2015-4533, CVE-2015-4534, CVE-2015-4535, CVE-2015-4536 Severity Rating: CVSS v2 Base Score: See below f...

CVE-2015-4535

Java Method Server JMS in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when debugtrace is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing ...

CVE-2015-4535

Java Method Server JMS in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when debugtrace is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing ...

CVE-2015-4535

CVE-2015-4535 affects EMC Documentum Content Server where Java Method Server (JMS) can be exploited when debug_trace is enabled to let remote authenticated users gain super-user privileges by reading a log containing a login ticket. This is part of a set of vulnerabilities in the ESA-2015-131 adv...

CVE-2015-4534

EMC Documentum Content Server’s Java Method Server (JMS) contains a vulnerability (CVE-2015-4534) where JMS fails to validate signatures for query strings missing the method_verb parameter, allowing remote authenticated users to forge signatures and execute arbitrary code in the JMS context. Affe...