Latest details from BMC
Last Updated: September 2, 2015 11:00 AM CDT
BMC Software’s Application Security team is investigating the impact of the Logjam attack (CVE-2015-4000), described by a group of researchers on a dedicated website on May 20th, on the security posture of BMC products and services.
We will post updates to this webpage with our findings.
In the interim, we suggest that you follow the instructions provided by the researchers who discovered the attack to minimize your exposure.
|Products Affected by CVE-2015-4000||Remediation / Patches|
|BMC Atrium Discovery and Dependency Mapping (ADDM)||See the product documentation for details|
|BMC Bladelogic Server Automation (BSA) 8.6 SP1; BMC Bladelogic Decision Support for Server Automation (BDSSA)||See this article for remediation instructions.|
|Cloud Lifecycle Manager (CLM) (not including underlying Remedy AR platform)||See this blog post for remediation instructions. The next patch will include the required configuration changes.|
|BMC Atrium Orchestrator (BAO)||There is currently no feasible workaround in existing versions. Release 7.8.01 will no longer be affected.|
|BMC Release Package and Deployment (RPD) prior to Version 4.4 patch 10||See this document for remediation instructions. Versions 4.4 patch 10 and above are no longer impacted.|
|BMC Release Lifecycle Management (RLM)||See RPD, RPM and BSA|
|BMC Workload Automation (Control-M)||See this article for remediation instructions.|
|BMC Remedy AR System and ITSM||See this article for remediation instructions|
|Entuity Network Monitoring for BMC TrueSight Operations Management||There is no Logjam flaw in the Entuity solution itself. Please contact BMC Customer Support for instructions on configuration changes that will reject certificates with insecure ciphers.|
|BMC Footprints Service Core||For version 12 see this article. For versions 11.x contact BMC Customer Support.|
The products listed in Table 2 below are unaffected by CVE-2015-4000.
|Products that are unaffected by CVE-2015-4000|
|BMC Client Management (BCM) (previously Footprints Asset Core)|
|BMC Bladelogic Decision Support for Network Automation|
|BMC Bladelogic Decision Support for Database Automation|
|BMC Bladelogic Network Automation (BNA)|
|BMC Bladelogic Database Automation (BDA)|
|BMC Release Process Management (RPM)|
|BMC Middleware Administration (BMA)|
|BMC Data Center Automation Portal (DCA Portal)|
|Borland Silk Performer for TrueSight Operations Management|
|BMC TMART 4.2 SP3|
|AVNET (previously Seamless Technologies Event Integration for BMC ProactiveNet Performance Management)|
|BMC Mobile Device Management (MDM) (airwatch)|
|BMC BladeLogic Client Automation|
|BMC Identity Management|
|BMC IT Business Management|
|BMC Storage Data Management|