Errata:
This is a correction of our previous disclosure email of September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was
in the "BIRT Engine" servlet itself.
This is NOT the case; the vulnerability is in how the "BIRT Engine" servlet
was configured when embedded within the Remedy AR Reporting engine.

------------------------------------------------------------------------
File inclusion vulnerability caused by misconfiguration of "BIRT Engine" 
servlet as used in BMC Remedy AR Reporting
 
BMC Identifier: BMC-2015-0006
CVE Identifier: CVE-2015-5072
------------------------------------------------------------------------
By BMC Application Security, SEP 2015
 
------------------------------------------------------------------------
Vulnerability summary
------------------------------------------------------------------------
A security vulnerability has been identified in BMC Remedy AR Reporting.
 
The vulnerability can be exploited remotely by an authenticated user (see the
CVSS vector below, Au:S) to reach any file on the server's local file system
that the reporting application itself can read.
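The advisory does not describe which BIRT setting was misconfigured, so nothing below is BMC's code or BMC's fix. As an added illustration of the file-inclusion class the advisory names, here is the unsafe path-resolution pattern such a flaw typically reduces to, beside a version that confines the result to a report root. REPORT_ROOT and the report names are constructed for the example.

```python
import posixpath

# Assumed report directory; the advisory names no path. Illustrative only.
REPORT_ROOT = "/opt/reports"


def resolve_unsafe(report_name: str) -> str:
    """Vulnerable pattern: trust the caller-supplied name.

    posixpath.join discards REPORT_ROOT entirely when report_name is absolute,
    and normpath happily collapses '..' segments that climb above the root,
    so any file the process can read becomes reachable.
    """
    return posixpath.normpath(posixpath.join(REPORT_ROOT, report_name))


def resolve_confined(report_name: str) -> str:
    """Hardened pattern: normalise first, then check where the path landed.

    Raises ValueError for empty names, embedded NULs, absolute paths and any
    '..' sequence that leaves REPORT_ROOT. The trailing '/' in the prefix test
    stops '/opt/reports-old/x' from passing as if it were under '/opt/reports'.
    """
    if not report_name or "\x00" in report_name:
        raise ValueError("empty or NUL-bearing report name")
    candidate = posixpath.normpath(posixpath.join(REPORT_ROOT, report_name))
    root = posixpath.normpath(REPORT_ROOT)
    if not candidate.startswith(root + "/"):
        raise ValueError(f"report path escapes {root}: {candidate}")
    return candidate


def escapes_root(report_name: str) -> bool:
    """True when the confined resolver rejects the name."""
    try:
        resolve_confined(report_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for name in ("sales/q3.rptdesign", "../../etc/passwd", "/etc/passwd"):
        print(f"{name:24} unsafe -> {resolve_unsafe(name):20} "
              f"confined rejects: {escapes_root(name)}")
```

In a real service the confined resolver should also run the candidate through os.path.realpath so symlinks inside the root cannot point outside it, and should allow-list report file extensions. Because the flaw described here is a configuration issue rather than a servlet bug, the relevant hardening for Remedy AR Reporting is the configuration change in the BMC knowledge base article referenced under Resolution, not a code patch.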

------------------------------------------------------------------------
CVSS v2.0 Base Metrics
------------------------------------------------------------------------
Reference:      CVE-2015-5072
Base Vector:    (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Base Score:     4.0

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0.
Earlier versions may also be affected.
 
------------------------------------------------------------------------
Resolution
------------------------------------------------------------------------
A hotfix and a workaround are available at
 
https://kb.bmc.com/infocenter/index?page=content&id=KA429507
 
------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from 
tigges-security.de

------------------------------------------------------------------------
Reference
------------------------------------------------------------------------
CVE-2015-5072
 
Information about BMC's corporate procedure for external vulnerability 
disclosures is at http://www.bmc.com/security
