Improper Permission Enforcement in EMC Documentum xPlore Allows Unauthorized Object Discovery and Metadata Reading

Improper Permission Enforcement in EMC Documentum xPlore Allows Unauthorized Object Discovery and Metadata Reading

CVE-2012-0396 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search.

Learn more about our User Device Pen Test.