Latest details from BMC

Last Updated: September 2, 2015 11:00 AM CDT

 

BMC Software’s Application Security team is investigating the impact of the Logjam attack (CVE-2015-4000), described by a group of researchers on a dedicated website on May 20th, on the security posture of BMC products and services.

We will post updates to this webpage with our findings.

In the interim we suggest that you follow the instructions provided by the researchers who discovered the attack to minimize your exposure.

 

| Products Affected by CVE-2015-4000 | Remediation / Patches |
| --- | --- |
| BMC Atrium Discovery and Dependency Mapping (ADDM) | See the product documentation for details |
| BMC Bladelogic Server Automation (BSA) 8.6 SP1; BMC Bladelogic Decision Support for Server Automation (BDSSA) | See this article for remediation instructions. |
| Cloud Lifecycle Manager (CLM) (not including underlying Remedy AR platform) | See this blog post for remediation instructions. The next patch will include the required configuration changes. |
| BMC Atrium Orchestrator (BAO) | There is currently no feasible workaround in existing versions. Release 7.8.01 will no longer be affected. |
| BMC Release Package and Deployment (RPD) prior to Version 4.4 patch 10 | See this document for remediation instructions. Versions 4.4 patch 10 and above are no longer impacted. |
| BMC Release Lifecycle Management (RLM) | See RPD, RPM and BSA |
| BMC Workload Automation (Control-M) | See this article for remediation instructions. |
| BMC Remedy AR System and ITSM | See this article for remediation instructions |
| Entuity Network Monitoring for BMC TrueSight Operations Management | There is no Logjam flaw in the Entuity solution itself. Please contact BMC Customer Support for instructions on configuration changes that will reject certificates with insecure ciphers. |
| BMC Footprints Service Core | For version 12 see this article. For versions 11.x contact BMC Customer Support. |

The products listed in Table 2 below are unaffected by CVE-2015-4000.
Products that are unaffected by CVE-2015-4000
BMC Client Management (BCM) (previously Footprints Asset Core)
BMC Bladelogic Decision Support for Network Automation
BMC Bladelogic Decision Support for Database Automation
BMC Bladelogic Network Automation (BNA)
BMC Bladelogic Database Automation (BDA)
BMC Release Process Management (RPM)
BMC Middleware Administration (BMA)
BMC Data Center Automation Portal (DCA Portal)
Borland Silk Performer for TrueSight Operations Management
BMC TMART 4.2 SP3
AVNET (previously Seamless Technologies Event Integration for BMC ProactiveNet Performance Management)
BMC Mobile Device Management (MDM) (airwatch)
BMC AppSight
BMC BladeLogic Client Automation
BMC Identity Management
BMC IT Business Management
BMC Storage Data Management