Are you still using glorious EMC eRoom? Your system could need a little upgrade. This week the EMC Product Security Response Center published a bulletin related to an eRoom vulnerability. More info below:
ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability.
- Affected products: EMC SW: EMC Documentum eRoom 7.3 and later
- Vulnerability Summary: EMC Documentum eRoom contains a possible vulnerability which can be potentially exploited to upload arbitrary files to the system.
- Vulnerability Details: File-blocking feature introduced in EMC Documentum eRoom 7.3 allows site administrators to employ a security control to block certain file types from being uploaded or opened in eRoom on a site-wide basis. A flaw in validation may allow an authenticated user to bypass this security control and upload arbitrary files to eRoom.
- Resolution: The following EMC Documentum eRoom products contain resolution to this issue: EMC Documentum eRoom 7.4.3.g
Did you schedule eRoom migration to EMC Centerstage, Cisco Quad or Box.net? Please leave a reply!