CVE-2015-4537 : Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a serve

Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.

Published 2015-08-22 18:59:02

Updated 2016-12-24 02:59:19

Source Dell

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2015-4537

EMC » Documentum D2
Versions up to, including, (<=) 4.4
cpe:2.3:a:emc:documentum_d2:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-4537

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 46 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-4537

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-4537

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-4537

http://seclists.org/bugtraq/2015/Aug/117

Bugtraq: ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability
http://www.securitytracker.com/id/1033345

EMC Documentum D2 Password File Flaw Lets Remote Authenticated Users Access the Target System - SecurityTracker

Jump to

Vulnerability Details : CVE-2015-4537

Products affected by CVE-2015-4537

Exploit prediction scoring system (EPSS) score for CVE-2015-4537

CVSS scores for CVE-2015-4537

CWE ids for CVE-2015-4537

References for CVE-2015-4537