Notification of critical security issues in BMC Decision Support for Server Automation
BMC Software is alerting users to two critical security issues that require immediate attention in version 8.7, 8.8, and 8.9 of the BMC Decision Support for Server Automation product.
This topic includes the following sections:
Issue 1: A sensitive information disclosure vulnerability has been identified in BMC Decision Support for Server Automation that allows unauthenticated users to retrieve sensitive information such as database credentials. (DRBSP-14769)
Issue 2 : A path traversal vulnerability has been identified in BMC Decision Support for Server Automation that allows unauthenticated users to read potentially sensitive files in the document root such as compiled source code. (DRBLG-114509)
Due to the severity of these vulnerabilities, BMC strongly recommends that you apply the update provided by this flash as soon as possible.
The fix for the issues is accomplished by using a hotfix.
You can download the zip file containing the hotfix by following the instructions in the Knowledge Article 000158640. You must be logged on to this page to see the KA.
BMC would like to thank Pawel Gocyla for disclosing these vulnerabilities.
Where to go for additional information
If you have any questions about the issue, contact BMC Customer Support at 800 5371813 (United States or Canada) or call your local support center.