All EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum Administrator, EPFM) contain an extremely dangerous web component – API Tester. It allows for path traversal, arbitrary code execution, and privilege escalation attacks.
46663e14e60c2d3f94f374b2571e350b1e7744ac4f13a7cd8032e426b3ab94dfRemote authenticated WebTop and WebTop Client users may gain access to the IAPI/IDQL interface in WebTop without proper authorization. Malicious users could exploit this vulnerability to run IAPI/IDQL commands on the affected systems using their own privilege. Affected products include EMC Documentum WebTop versions 6.8 and 6.8.1, Administrator versions 7.0, 7.1, 7.2, TaskSpace version 6.7 SP3, and Capital Projects versions 1.9 and 1.10.
922ee5b10d55ca104fdafbfbabd2f4263e941bd47bdcae7794773725a1ceb3d4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed