While they were arguing what the meaning of "responsible" is in
"responsible disclosure", I overheard that a critical pre-
authentication Remote Code Execution vulnerability affecting EMC
Documentum was silently reported to EMC in 2006. The vulnerability
was later silently fixed. No credit was given. No credit was taken.
No Metasploit module was developed.
If you are using Documentum to manage your intellectual properties,
you know what you should do. Many critical vulnerabilities were
fixed. Your expensive VM tools don't have any information about
them. Whenever possible, keep your software up-to-date.
May the force be with you,