Thomas Kas Thomas

Documentum Fixes Security Flaw

6-Feb-2008

Tags: Document Management (ECM), Web Content and Experience Management, , Documentum Web Content Management

Yesterday, security analysis firm CYBSEC S.A. released an advisory describing a vulnerability in Documentum 5.3 that, if uncorrected, would "allow an attacker to overwrite arbitrary files on the server filesystem." The vulnerability reportedly affects Documentum Administrator Version 5.3.0.313 and Documentum Webtop version 5.3.0.317. CYBSEC said other applications and versions may also be affected.

EMC Corporation's Documentum division was notified of the situation on December 17, 2007 and responded to CYBSEC the same day. CYBSEC says it supplied EMC with a "fully functional exploit" for analysis.

Documentum confirmed on January 4 that the fix was in SP4. If you are like most EMC customers and still running Documentum 5.3 (the latest is D6, released in August 2007), you should check to make sure your system is up-to-date with respect to service packs.

Indeed, whatever tool you deploy, keeping up with service packs with the same surety that you track patches to your operating system(s) is essential.

    Now Get the Complete Real Story

    Vendor Evaluations

    Learn the real strengths and weaknesses of major vendors from around the world, in our research stream.