CVE-2015-4524

Name: CVE-2015-4524
Creator: NVD / NIST
Published: 2015-07-04T14:59:01.917+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.40%

Last modified Jun 17, 2026

CVE-2015-4524 is a vulnerability of currently unknown severity. Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.. EPSS estimates a 2.40% chance of exploitation in the next 30 days.

Description

Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.

Metrics

EPSS Probability

2.40%

81.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-434

Affected Software

Vendor	Product	Versions	Update
Emc	Documentum Administrator	6.7	Sp1
Emc	Documentum Administrator	7.0	—
Emc	Documentum Administrator	7.1	—
Emc	Documentum Administrator	7.2	—
Emc	Documentum Digital Asset Manager	6.5	Sp6
Emc	Documentum Taskspace	6.7	Sp1
Emc	Documentum Web Publisher	6.5	Sp7
Emc	Documentum Webtop	6.7	Sp1
Emc	Documentum Webtop	6.8	—

References

http://seclists.org/bugtraq/2015/Jul/9Mailing List, Third Party Advisory
http://www.securitytracker.com/id/1032770Third Party Advisory, VDB Entry
http://seclists.org/bugtraq/2015/Jul/9Mailing List, Third Party Advisory
http://www.securitytracker.com/id/1032770Third Party Advisory, VDB Entry

Timeline

Published: Jul 4, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-4524?

How severe is CVE-2015-4524?

Severity scoring for CVE-2015-4524 is pending analysis. The EPSS model estimates a 2.40% probability of exploitation in the next 30 days.

How do I fix CVE-2015-4524?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-4524?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST