Fixes available for Remedy Mid Tier security vulnerabilities
BMC Software is alerting users to a serious problem in version 9.0 of Remedy Mid Tier that requires immediate attention.
We recommend that you immediately apply the fix as described in this topic.
If you have any questions about the problem, contact Customer Support.
October 16, 2019.
Security vulnerability issues
|Defect ID||CVSS v3 rating||Description|
|SW00558879||5.0||Reflected cross-site scripting (XSS) is identified in Remedy Mid Tier.|
| || ||Unauthenticated remote code execution due to a server-side request forgery (SSRF) attack vector is identified in Remedy Mid Tier.|
| ||10.0||Unauthenticated Remote Code Execution (RCE) vulnerability is identified in Remedy Mid Tier.|
Applying the security vulnerability fixes
Before applying the hotfix, ensure that you are on the base version of Mid Tier for which the hotfix package is available. For example, if your current Mid Tier version is 9.1.04, you must first install patch 002 for this version because the hotfix for 9.1.04 is available only for patch 002.
Perform the following steps to apply the hotfix package: