This is a correction of our previous disclosure email from September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was in the "BIRT Viewer" servlet itself.
This is NOT the case: the vulnerability lies in how the "BIRT Viewer" was configured when embedded within the Remedy AR Reporting engine.
------------------------------
File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting
BMC Identifier: BMC-2015-0005
CVE Identifier: CVE-2015-5071
------------------------------
By BMC Application Security, SEP 2015
------------------------------
Vulnerability summary
------------------------------
A security vulnerability has been identified in BMC Remedy AR Reporting.
The vulnerability can be exploited remotely, allowing navigation to any local or remote file.
------------------------------
CVSS v2.0 Base Metrics
------------------------------
Reference: CVE-2015-5071
Base Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Base Score: 4.0
------------------------------
Affected versions
------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0.
Earlier versions may also be affected.
------------------------------
Resolution
------------------------------
A hotfix as well as a workaround are available at https://kb.bmc.com/infocenter/
------------------------------
Credits
------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de
------------------------------
Reference
------------------------------
CVE-2015-5071
Information about BMC's corporate procedure for external vulnerability disclosures is at http://www.bmc.com/security