Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Notification of critical security issues in BMC Decision Support for Server Automation



BMC Software is alerting users to two critical security issues that require immediate attention in versions 8.7, 8.8, and 8.9 of the BMC Decision Support for Server Automation product.


Issues

Issue 1: A sensitive information disclosure vulnerability has been identified in BMC Decision Support for Server Automation that allows unauthenticated users to retrieve sensitive information such as database credentials (DRBSP-14769).

Issue 2: A path traversal vulnerability has been identified in BMC Decision Support for Server Automation that allows unauthenticated users to read potentially sensitive files in the document root, such as compiled source code (DRBLG-114509).

Due to the severity of these vulnerabilities, BMC strongly recommends that you apply the update provided by this flash as soon as possible.

Solution

Both issues are fixed by applying a hotfix.

Note

You can download the zip file containing the hotfix by following the instructions in the Knowledge Article 000158640. You must be logged on to this page to see the KA.


Credit

BMC would like to thank Pawel Gocyla for disclosing these vulnerabilities.

Where to go for additional information

If you have any questions about the issue, contact BMC Customer Support at 800 5371813 (United States or Canada) or call your local support center.

 
