Fix available for OpenSSL related vulnerability


BMC Software is alerting users to an OpenSSL related vulnerability in TrueSight Server Automation that could allow privilege escalation and requires immediate attention.

If you have any questions about the issue, contact Customer Support.

Last updated: May 16, 2025

Issue

A vulnerability has been identified in TrueSight Server Automation components where, under certain conditions, configuration files from unintended locations may be loaded. This could potentially allow a non-administrative user to influence the application’s behavior in a way that may result in elevated privileges.

We recommend that you immediately apply the fix as described in this topic.

Resolution

Download the hotfix required for your platform from the Patches tab of the following EPD website page and apply the hotfix. You must provide your BMC Support credentials to access the EPD website. You might also be prompted to complete the Export Compliance form.

| Platform | EPD Download Link | Item name | File name | md5 checksum | Build number |
| --- | --- | --- | --- | --- | --- |
| Windows/Linux | | TSSA231_OpenSSL_hotfix | TSSA231_OpenSSL_hotfix.zip | b4b23e5d0bbe8189a4d2c208747f82a3 | 23.1.00.15 |
Important: The hotfixes for version 23.1.00 are listed under a common Patches tab on EPD. To search for a particular hotfix, enter the exact version number (for example, 23.1.00) in the Name filter.

Applying the hotfix

Apply the hotfix to various components as shown below:

To apply the hotfix to the Application Server or PXE Server

To apply the hotfix, do the following on each Application Server host:

  1. Stop the application server.
  2. Stop the RSCD, PXE, and TFTP server services (if applicable).
  3. Take a backup of the following files and keep them outside <TSSA_Install_Location>.

    1. If Appserver is Windows, use the following files and locations:
      | File | Location |
      | --- | --- |
      | bllibeay64.dll | <TSSA_Install_Location>/NSH/bin/ |
      | bllibeay32.dll | <TSSA_Install_Location>/NSH/bin/ |
      | cygblcrypto-1.0.0.dll | <TSSA_Install_Location>/NSH/bin/ |
      | bllibeay64.dll | <TSSA_Install_Location>/pxe/bin/ (If applicable) |
      | bllibeay64.dll | <RSCD_Install_Location>/RSCD/ (If applicable) |
      | smartagent.exe | <RSCD_Install_Location>/RSCD/ (If applicable) |

    2. If Appserver is Linux, use the following files and locations:

      | File | Location |
      | --- | --- |
      | libblcrypto.so.1.0.0 | <TSSA_Install_Location>/lib/ |
      | smartagent | <TSSA_Install_Location>/bin/ (If applicable) |
  4. Download and extract TSSA231_OpenSSL_hotfix.zip to a temporary location.
  5. Copy the files from the temporary location to the locations given below, replacing the existing files, and make sure the copied files have the same permissions and owner as the previously installed files.
    1. If Appserver is Windows, use the following files and locations:

      | File | Location |
      | --- | --- |
      | Windows/bllibeay64.dll | <TSSA_Install_Location>/NSH/bin/ |
      | Windows/bllibeay32.dll | <TSSA_Install_Location>/NSH/bin/ |
      | Windows/cygblcrypto-1.0.0.dll | <TSSA_Install_Location>/NSH/bin/ |
      | Windows/bllibeay64.dll | <TSSA_Install_Location>/pxe/bin/ (If applicable) |
      | Windows/bllibeay64.dll | <RSCD_Install_Location>/RSCD/ (If applicable) |
      | Windows/smartagent.exe | <RSCD_Install_Location>/RSCD/ (If applicable) |

    2. If Appserver is Linux, use the following files and locations:

      | File | Location |
      | --- | --- |
      | Linux/libblcrypto.so.1.0.0 | <TSSA_Install_Location>/lib/ |
      | Linux/smartagent | <TSSA_Install_Location>/bin/ (If applicable) |
  6. Start the RSCD, PXE, and TFTP server services (if applicable).
  7. Start the application server service.
    Important: If you add a new Appserver host to your environment, make sure that you manually apply these fixes on the new host using the steps outlined above, as full installers are not available for Appserver components.

To apply the hotfix to the console (RCP client) or NSH installed server

  1. Close all running RCP and/or NSH processes. If the agent is installed, stop the RSCD agent service.
  2. Take a backup of the following files and keep them outside <TSSA_Install_Location>.

    1. If RCP/NSH is installed on a Windows server, use the following files and locations:
      | File | Location |
      | --- | --- |
      | bllibeay64.dll | <TSSA_Install_Location>/NSH/bin/ |
      | cygblcrypto-1.0.0.dll | <TSSA_Install_Location>/NSH/bin/ |
      | bllibeay64.dll | <RSCD_Install_Location>/RSCD/ (If applicable) |
      | smartagent.exe | <RSCD_Install_Location>/RSCD/ (If applicable) |

    2. If NSH is installed on a Linux server, use the following files and locations:

      | File | Location |
      | --- | --- |
      | libblcrypto.so.1.0.0 | <TSSA_Install_Location>/lib/ |
      | smartagent | <TSSA_Install_Location>/bin/ (If applicable) |
  3. Download and extract TSSA231_OpenSSL_hotfix.zip to a temporary location.
  4. Copy the files from the temporary location to the locations given below, replacing the existing files, and make sure the copied files have the same permissions and owner as the previously installed files.
    1. If RCP/NSH is installed on a Windows server, use the following files and locations:

      | File | Location |
      | --- | --- |
      | Windows/bllibeay64.dll | <TSSA_Install_Location>/NSH/bin/ |
      | Windows/cygblcrypto-1.0.0.dll | <TSSA_Install_Location>/NSH/bin/ |
      | Windows/bllibeay64.dll | <RSCD_Install_Location>/RSCD/ (If applicable) |
      | Windows/smartagent.exe | <RSCD_Install_Location>/RSCD/ (If applicable) |

    2. If NSH is installed on a Linux server, use the following files and locations:

      | File | Location |
      | --- | --- |
      | Linux/libblcrypto.so.1.0.0 | <TSSA_Install_Location>/lib/ |
      | Linux/smartagent | <TSSA_Install_Location>/bin/ (If applicable) |
  5. Start the RSCD agent service (if applicable) and run sanity use cases (such as Server Live browse, NSH here, and the agentinfo command).
  6. Repeat all of the above steps on all server hosts where RCP or NSH is installed.
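
The Linux backup, checksum, and replace steps shared by the Application Server and console/NSH procedures above, as an added example that is not part of BMC's documentation. The function names are illustrative, and the script assumes `md5sum` and `stat -c` are available, the services are already stopped, and the zip is already extracted.

```sh
#!/bin/sh
# Added example (not BMC code): Linux backup / verify / replace steps for the hotfix.
# Assumes md5sum and "stat -c" are available; function names are illustrative.
set -eu

# md5 checksum of TSSA231_OpenSSL_hotfix.zip as published in the table on this page
HOTFIX_MD5="b4b23e5d0bbe8189a4d2c208747f82a3"

# verify_md5 FILE EXPECTED: succeed only if FILE's MD5 equals EXPECTED (case-insensitive)
verify_md5() {
  actual=$(md5sum "$1" | awk '{print tolower($1)}')
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

# backup_file SRC BACKUP_DIR: copy SRC, keeping mode and timestamps, into BACKUP_DIR
backup_file() {
  mkdir -p "$2"
  cp -p "$1" "$2/"
}

# replace_preserving NEW TARGET: put NEW in place of TARGET with TARGET's owner and mode
replace_preserving() {
  staged="$2.hotfix.$$"
  cp "$1" "$staged"
  chown "$(stat -c '%u:%g' "$2")" "$staged"
  chmod "$(stat -c '%a' "$2")" "$staged"
  mv -f "$staged" "$2"   # rename inside the same directory
}

# apply_linux_hotfix ZIP EXTRACT_DIR INSTALL_DIR BACKUP_DIR [EXPECTED_MD5]
apply_linux_hotfix() {
  zip=$1 src=$2 inst=${3%/} bak=$4 md5=${5:-$HOTFIX_MD5}
  verify_md5 "$zip" "$md5" || { echo "checksum mismatch: $zip" >&2; return 1; }
  case "$bak/" in "$inst"/*) echo "backup dir must be outside $inst" >&2; return 1 ;; esac
  # hotfix file:installed path pairs, as listed for Linux on this page
  for pair in Linux/libblcrypto.so.1.0.0:lib/libblcrypto.so.1.0.0 Linux/smartagent:bin/smartagent; do
    rel=${pair#*:}
    [ -e "$inst/$rel" ] || continue   # not installed on this host ("If applicable")
    backup_file "$inst/$rel" "$bak/$(dirname "$rel")"
    replace_preserving "$src/${pair%%:*}" "$inst/$rel"
  done
}

# Script use, after the services are stopped and the zip is extracted:
#   sh apply_hotfix.sh ZIP EXTRACT_DIR INSTALL_DIR BACKUP_DIR
if [ "$#" -ge 4 ]; then apply_linux_hotfix "$@"; fi
```

The MD5 comparison confirms that the download matches the published value and is not corrupted; it is an integrity check on the transfer, not a signature.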

To apply the hotfix to RSCD Agent on Target Server

  1. Download and extract TSSA231_OpenSSL_hotfix.zip in a temporary location on the application server.
  2. If Appserver is Linux, update the permission to 755 for all the contents available under the unzip directory.
  3. Unzip TSSA231_OpenSSL_hotfix.zip and copy the rscd and redist directories to the path where CreateDepotSoftwareForAgents.nsh is available under the unzip directory.
  4. Run the following command to import the Agent bundle in TSSA:
    1. Launch NSH.
    2. Acquire credentials and run the import script with the following commands:
      1. blcred cred -acquire -profile <ProfileName> -username BLAdmin -password <password>
      2. nsh CreateDepotSoftwareForAgents.nsh false '<ProfileName>' 'BLAdmins' '<rscd_folder_path>' '<TSSA_Version>'
        Example:
        nsh "/C/Installers/BBSA89-WIN64/Disk1/files/installers/rscd/CreateDepotSoftwareForAgents.nsh" false "defaultProfile" "BLAdmins" "/C/Installers/BBSA89-WIN64/Disk1/files/installers/rscd" "21.02.00.174"
  5. Connect to RCP, navigate to /BMC Maintenance/Agent Installer Jobs/ under Jobs, and run the Agent Installer Upgrade Job 23.1.00.15 job against the target.
  6. Once job execution is completed, run the Update Server Properties (USP) job to update the agent version for targets.
    Important:
        • The Agent build number will be updated to 23.1.00.15.
        • For other Agent installer platforms, refer to TSSA231-Optional.zip.
        • During the RSCD agent upgrade, the RSCD agent service will be restarted.

 


TrueSight Server Automation 23.1