This documentation supports the 9.0 version of Remedy Action Request System.

Fixes available for Remedy Mid Tier security vulnerabilities

BMC Software is alerting users to a serious problem that requires immediate attention in version 9.0 of Remedy Mid Tier.

We recommend that you immediately apply the fix as described in this topic.

If you have any questions about the problem, contact Customer Support.

October 16, 2019.

Security vulnerability issues

| Defect ID | CVSS v3 rating | Description |
|---|---|---|
| SW00558879 | 5.0 | Reflected Cross-site scripting (XSS) is identified in Remedy Mid Tier. |
|  |  | Unauthenticated remote code execution due to a server-side request forgery (SSRF) attack vector is identified in Remedy Mid Tier. |
|  | 10.0 | Unauthenticated Remote Code Execution (RCE) vulnerability is identified in Remedy Mid Tier. |

Applying the security vulnerability fixes

Before applying the hotfix, ensure that you are on the base version of Mid Tier for which the hotfix package is available. For example, if your current Mid Tier version is 9.1.04, you must first install patch 002 for this version because the hotfix for 9.1.04 is available only for patch 002.

Perform the following steps to apply the hotfix package:

  1. Download the hotfix deployment package from the following location:
  2. Activate the Mid Tier security filters as described in the hotfix readme file.

  3. Apply the hotfix package. For more information, see the Knowledge article 00156025.