Fix available for OpenSSL related vulnerability
BMC Software is alerting users to an OpenSSL related vulnerability in TrueSight Server Automation – Data Warehouse that could allow privilege escalation and requires immediate attention.
If you have any questions about the issue, contact Customer Support.
Last updated: June 19, 2025
Issue
A vulnerability has been identified in TrueSight Server Automation - Data Warehouse components where, under certain conditions, configuration files from unintended locations may be loaded. This could potentially allow a non-administrative user to influence the application’s behavior in a way that may result in elevated privileges.
We recommend that you immediately apply the fix as described in this topic.
Resolution
Download the hotfix required for your platform from the Patches tab of the following EPD website page and apply the hotfix. You must provide your BMC Support credentials to access the EPD website. You might also be prompted to complete the Export Compliance form.
| Platform | EPD Download Link | Item name | File name | md5 checksum |
|---|---|---|---|---|
| Windows/Linux | | TSSA-DW_23.2.00_OpenSSL_hotfix | TSSA-DW_23.2.00_OpenSSL_hotfix.zip | C97989AECC34707822D713E82C4BD287 |
Apply the hotfix to the TrueSight Server Automation - Data Warehouse Server
To apply the hotfix, do the following on the TrueSight Server Automation – Data Warehouse Server host:
- Stop TrueSight Server Automation – Data Warehouse Authentication Service.
- Take a backup of the following files and keep them outside <TSSA-DW_Install_Location>.
  - If TrueSight Server Automation – Data Warehouse is installed on a Windows server, then use the following file and location:

    | File | Location |
    |---|---|
    | libblcrypto-3-x64.dll | <TSSA-DW_Install_Location>\bin |

  - If TrueSight Server Automation – Data Warehouse is installed on a Linux server, then use the following file and location:

    | File | Location |
    |---|---|
    | libblcrypto.so.3 | <TSSA-DW_Install_Location>/lib |

- Download and extract TSSA-DW_23.2.00_OpenSSL_hotfix.zip in the temp location on the TrueSight Server Automation – Data Warehouse server.
- Replace the files from temp to the given location below, and make sure the copied files have the correct permissions and owner as previously installed files.
  - If TrueSight Server Automation – Data Warehouse is installed on a Windows server, use the following file and locations:

    | File | Location |
    |---|---|
    | Windows\libblcrypto-3-x64.dll | <TSSA-DW_Install_Location>\bin |

  - If TrueSight Server Automation – Data Warehouse is installed on a Linux server, use the following file and locations:

    | File | Location |
    |---|---|
    | Linux/libblcrypto.so.3 | <TSSA-DW_Install_Location>/lib |

- Start the TrueSight Server Automation – Data Warehouse Authentication service.
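The following shell functions are an added example, not BMC's own tooling, showing one way to carry out the Linux backup and replace steps above so that the download is checked against the published md5 checksum and the new library keeps the owner and permissions of the file it replaces. The function names `verify_md5` and `replace_lib` are hypothetical, GNU coreutils is assumed, and the install and backup directories are passed in as arguments.

```shell
#!/usr/bin/env bash
# Added example, not BMC's script. Assumes a Linux host with GNU coreutils.
# Stop the Authentication Service before, and start it after, by your usual means.

EXPECTED_MD5="C97989AECC34707822D713E82C4BD287"  # md5 checksum from the advisory table

# verify_md5 FILE EXPECTED: succeeds only if FILE's MD5 equals EXPECTED
# (compared case-insensitively; md5sum prints lowercase hex).
verify_md5() {
    local actual expected
    actual=$(md5sum "$1" | awk '{print toupper($1)}')
    expected=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# replace_lib NEW_FILE INSTALL_DIR BACKUP_DIR (hypothetical helper):
# backs up INSTALL_DIR/lib/libblcrypto.so.3, then swaps in NEW_FILE with the
# owner, group and mode of the file it replaces.
replace_lib() {
    local new="$1" install="$2" backup="$3"
    local target="$install/lib/libblcrypto.so.3" staged
    [ -f "$new" ] && [ -f "$target" ] && [ -d "$backup" ] || {
        echo "missing input file, installed library or backup directory" >&2; return 1; }
    # The advisory requires the backup to be kept outside the install location.
    case "$(realpath "$backup")/" in
        "$(realpath "$install")"/*)
            echo "backup directory is inside the install location" >&2; return 1 ;;
    esac
    cp -p "$target" "$backup/" || return 1
    # Stage beside the target, copy ownership and mode from the old file,
    # then rename so the library is never half-written.
    staged="$target.new.$$"
    cp "$new" "$staged" &&
        chown --reference="$target" "$staged" &&
        chmod --reference="$target" "$staged" &&
        mv -f "$staged" "$target" || { rm -f "$staged"; return 1; }
}

# Usage (paths are placeholders):
#   verify_md5 TSSA-DW_23.2.00_OpenSSL_hotfix.zip "$EXPECTED_MD5" &&
#     replace_lib <temp>/Linux/libblcrypto.so.3 <TSSA-DW_Install_Location> <backup_dir>
```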