BMC Remedy AR 8.1 / 9.0 File Inclusion
Posted on 25 September 2015
Source: packetstormsecurity.org
------------------------------------------------------------------------
File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy
AR Reporting
BMC Identifier: BMC-2015-0005
CVE Identifier: CVE-2015-5071
------------------------------------------------------------------------
By BMC Application Security, SEP 2015
------------------------------------------------------------------------
Vulnerability summary
------------------------------------------------------------------------
A security vulnerability has been identified in BMC Remedy
AR Reporting.
The vulnerability can be exploited remotely, allowing navigation to
any local or remote file.
------------------------------------------------------------------------
CVSS v2.0 Base Metrics
------------------------------------------------------------------------
Reference:
CVE-2015-5071
Base Vector:
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Base Score:
4.0
------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0.
Earlier versions may also be affected.
------------------------------------------------------------------------
Resolution
------------------------------------------------------------------------
A hotfix as well as a workaround are available at
https://kb.bmc.com/infocenter/index?page=content&id=KA429507
------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de
------------------------------------------------------------------------
Reference
------------------------------------------------------------------------
CVE-2015-5071
Information about BMC's corporate procedure for external vulnerability
disclosures is at http://www.bmc.com/security