Lucene search
DellCVE-2015-4537HistoryAug 22, 2015 - 6:59 p.m.
CVE-2015-4537
2015-08-2218:59:02
CWE-200
dell
web.nvd.nist.gov
39
emc documentum d2
lockbox
hardcoded passphrase
admin ticket decryption
cve-2015-4537
nvd
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
47.4%
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.
Affected configurations
Node
emcdocumentum_d2Range≤4.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emc | documentum_d2 | * | cpe:2.3:a:emc:documentum_d2:*:*:*:*:*:*:*:* |
Related
prion
prion
Hardcoded credentials
2015-08-22 18:59:00
cvelist
cvelist
CVE-2015-4537
2015-08-22 18:00:00
nvd
nvd
CVE-2015-4537
2015-08-22 18:59:02
securityvulns
securityvulns
ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability
2015-08-24 00:00:00
EMC Documentum multiple security vulnerabilities
2015-09-14 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
47.4%
Related for CVE-2015-4537