EMC Documentum Content Server Information Disclosure (ESA-2015-131)

2015-08-1900:00:00

www.tenable.com

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

EPSS

0.001

Percentile

49.6%

JSON

The version of EMC Documentum Content Server running on the remote host is affected an information disclosure vulnerability due to passwords being stored as plaintext in log files for users with inline authentication. An authenticated, remote attacker with access to the log files can exploit this to login using the password of a different user. Note that this issue is present only when RPC tracing is enabled.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(85545);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id("CVE-2015-4536");
  script_bugtraq_id(76412);

  script_name(english:"EMC Documentum Content Server Information Disclosure (ESA-2015-131)");
  script_summary(english:"Checks for the Documentum Content Server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by an information disclosure
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of EMC Documentum Content Server running on the remote
host is affected an information disclosure vulnerability due to
passwords being stored as plaintext in log files for users with
inline authentication. An authenticated, remote attacker with access
to the log files can exploit this to login using the password of a
different user. Note that this issue is present only when RPC tracing
is enabled.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2015/Aug/att-86/ESA-2015-131.txt");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4536");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:documentum_content_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("emc_documentum_content_server_installed.nbin");
  script_require_keys("installed_sw/EMC Documentum Content Server");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("emc_documentum.inc");

app_name = DOC_APP_NAME;
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);

fixes = make_nested_list(
  make_list("7.0P20"),
  make_list("7.1P18"),
  make_list("7.2P02")
);

documentum_check_and_report(install:install, fixes:fixes, severity:SECURITY_NOTE);