Vulnerability : isehlt : BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting

2015 m. rugsėjo 24 d., ketvirtadienis

BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting

------------------------------------------------------------
------------
File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy
AR Reporting

BMC Identifier: BMC-2015-0005
CVE Identifier: CVE-2015-5071
------------------------------------------------------------------------
By BMC Application Security, SEP 2015

------------------------------------------------------------------------
Vulnerability summary
------------------------------------------------------------------------
A security vulnerability has been identified in BMC Remedy
AR Reporting.

The vulnerability can be exploited remotely allowing navigation to
any local or remote file.

------------------------------------------------------------------------
CVSS v2.0 Base Metrics
------------------------------------------------------------------------
Reference:
CVE-2015-5071

Base Vector:
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Base Score:
4.0

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0.
Earlier Versions may also be affected

------------------------------------------------------------------------
Resolution
------------------------------------------------------------------------
A hotfix as well as a workaround are available at

https://kb.bmc.com/infocenter/index?page=content&id=KA429507

------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de

------------------------------------------------------------------------
Reference
------------------------------------------------------------------------
CVE-2015-5071

Information about BMC's corporate procedure for external vulnerability
disclosures is at http://www.bmc.com/security

Vulnerability : isehlt

2015 m. rugsėjo 24 d., ketvirtadienis

BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting

Komentarų nėra:

Rašyti komentarą

Tinklaraščio archyvas

Translate

Ieškoti šiame dienoraštyje

Populiarūs įrašai