This documentation supports the 1.3 version of Remedy with Smart IT.

Security vulnerabilities when using Elasticsearch with MongoDB

Elasticsearch was used in BMC Remedy with Smart IT and BMC MyIT to provide search functionality for data stored in MongoDB.

BMC advises customers about two security vulnerabilities in Elasticsearch:

  • CVE-2015-1427—Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine that were introduced in 1.3.0. These vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.
  • CVE-2015-5377—Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution.

KA433901 includes information about options for mitigating these vulnerabilities.
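To check whether a deployed Elasticsearch node falls in the version ranges listed above, the following added example (not BMC or Elasticsearch code) maps a version string to the applicable CVEs. It assumes the version is read from the `version.number` field of the JSON the node returns at its root URL; the function names and the sample response are constructed for illustration, and pre-release suffixes are ignored.

```python
import json
import re

# Affected ranges exactly as stated in the advisory text above.
# Each range: (lowest version or None, highest version, highest is inclusive)
AFFECTED = {
    "CVE-2015-1427": [((1, 3, 0), (1, 3, 7), True),
                      ((1, 4, 0), (1, 4, 2), True)],
    "CVE-2015-5377": [(None, (1, 6, 1), False)],  # "prior to 1.6.1"
}


def parse_version(text):
    """Return (major, minor, patch) as integers; suffixes such as '.Beta1' are ignored."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(part) for part in match.groups())


def cves_for_version(text):
    """List the CVEs from this page whose affected range contains the version."""
    version = parse_version(text)
    hits = []
    for cve, ranges in AFFECTED.items():
        for low, high, inclusive in ranges:
            above = low is None or version >= low
            below = version <= high if inclusive else version < high
            if above and below:
                hits.append(cve)
                break
    return sorted(hits)


def cves_for_banner(body):
    """Same check, starting from the JSON body of the node's root URL."""
    return cves_for_version(json.loads(body)["version"]["number"])


# Constructed sample response, trimmed to the fields used here.
SAMPLE_BANNER = '{"name": "node-1", "version": {"number": "1.4.2"}}'

if __name__ == "__main__":
    print(cves_for_banner(SAMPLE_BANNER))
    for candidate in ("1.3.8", "1.6.0", "1.6.1", "1.10.0"):
        print(candidate, cves_for_version(candidate))
```

Comparing integer tuples rather than strings matters here: a string comparison would rank 1.10.0 below 1.6.1 and report it as affected.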
