This is a correction of our previous disclosure email from September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself.
This is NOT the case, but rather the vulnerability is in how the "BIRT Engine" was configured when embedded within the Remedy AR Reporting engine.
------------------------------
File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting
BMC Identifier: BMC-2015-0006
CVE Identifier: CVE-2015-5072
------------------------------
By BMC Application Security, SEP 2015
------------------------------
Vulnerability summary
------------------------------
A security vulnerability has been identified in BMC Remedy AR Reporting.
The vulnerability can be exploited remotely allowing navigation to any file in the local file system.
------------------------------
CVSS v2.0 Base Metrics
------------------------------
Reference:
CVE-2015-5072
Base Vector:
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Base Score:
4.0
------------------------------
Affected versions
------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0.
Earlier Versions may also be affected
------------------------------
Resolution
------------------------------
A hotfix as well as a workaround are available at
https://kb.bmc.com/infocenter/
------------------------------
Credits
------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de
------------------------------
Reference
------------------------------
CVE-2015-5072
Information about BMC's corporate procedure for external vulnerability disclosures is athttp://www.bmc.com/security
Komentarų nėra:
Rašyti komentarą