Documentum Content Server
CVE-2015-4536
LOW
Severity by source
AV:N/AC:M/Au:S/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:S/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.
AnalysisAI
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file. Affected products include: Emc Documentum Content Server. Version information: before 7.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Documentum Content Server
View allOpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the i
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design ga
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design ga
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote aut
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and re
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an
OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Doc
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 d
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 befo
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 d
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote a
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design ga
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today