Vulnerability Details : CVE-2015-4536
EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.
Vulnerability category: Information leak
Products affected by CVE-2015-4536
- cpe:2.3:a:emc:documentum_content_server:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:documentum_content_server:7.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4536
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4536
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2015-4536
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4536
-
http://seclists.org/bugtraq/2015/Aug/86
Bugtraq: ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities
-
http://www.securityfocus.com/bid/76412
EMC Documentum Content Server CVE-2015-4536 Information Disclosure Vulnerability
-
http://www.securitytracker.com/id/1033296
EMC Documentum Bugs Let Remote Authenticated Users Obtain Passwords, Gain Elevated Privileges, and Execute Arbitrary Code - SecurityTracker
Jump to