Skip navigation
Share:|

Latest details from BMC

Last Updated: February 29, 2016 04:40PM CST

 

BMC Software’s Application Security team is investigating the impact that the OpenSSL security advisory published on January 28th has on the security posture of BMC products and services. The advisory includes a high severity vulnerability (CVE-2016-0701) that can potentially enable attackers to obtain private encryption keys and decipher encrypted communication. It only affects OpenSSL versions in the 1.0.2 branch.
The products listed in Table 1 below include OpenSSL libraries affected by the OpenSSL CVE-2016-0701 vulnerability.
Products Which Include Affected OpenSSLRemediation / Patches
BMC Client Management (BCM) - formerly Footprints Asset Core

v.11.7.0 - patch estimated February 19, 2016

v.12.0 - patch estimated February 26, 2016

v.12.1.0 - patch estimated March 4, 2016

BMC Release Package and Deployment (RPD)Patch estimated March 1, 2016
BMC TrueSight Capacity Optimization 10.5Patch estimated March 1, 2016
Borland Silk Performer Synthetic Transaction MonitoringPatch (10.5 release) estimated May 15, 2016
BMC Patrol for LinuxPatch estimated September 15, 2016
The products listed in Table 2 below either do not include OpenSSL libraries or include OpenSSL libraries unaffected by the OpenSSL CVE-2016-0701 vulnerability.
Products that do not include OpenSSLProducts that include OpenSSL, but are not vulnerable
BMC Atrium OrchestratorBMC Control-M (Server, Agent, Enterprise Manager, and AFT). See article here.
BMC Cloud Lifecycle ManagementBMC Footprints Service Core 11
BMC Decision Support for Database Automation

BMC MainView Console Automation for zEnterprise.

(Advisory: MainView Console Management Cumulative SSL Security Patch 2016.01.29 available for download on BMC Electronic Product Distribution site)

BMC Decision Support for Network AutomationBMC MainView SecureHMC
BMC MainView for z/OS solutionsBMC Server Automation (BSA)
BMC IMS for z/OS solutions
(all products and versions)

BMC Remedy AR System and ITSM Suite 7.6.04, 8.0, 8.1

BMC Remedy AR System and ITSM Suite 9.0, 9.1

BMC DB2 for z/OS solutions
(all products and versions)
BMC Remedy AR System 8.8
BMC Middleware AutomationBMC Atrium Discovery and Dependency Management (ADDM)
BMC TrueSight Middleware AdministrationBMC TrueSight Middleware Transaction Monitor (TMTM)

BMC Middleware Management -

Transaction Analytics for WebSphere MQ (StatWatch)

BMC TrueSight Pulse

BMC TrueSight Intelligence

BMC Release Process ManagerBMC Transaction Management Application Response Time (TMART)
BMC BladeLogic Client AutomationBMC Real End User Experience Monitoring
BMC BladeLogic PortalBMC TrueSight Infrastructure Management
BMC AppSightBMC PATROL Agent
BMC Identity ManagementBMC Performance Manager Portal
BMC IT Business ManagementBMC Active End User Experience Monitoring
BMC Network AutomationBMC Application Diagnostics
BMC Service Desk Express
BMC Service Level Management
BMC TrackIt!
BMC RemedyForce (all versions)
BMC Footprints Service Core/Renoir 12
BMC TrueSight Capacity Optimization prior to v10.5
BMC Event Manager
BMC TrueSight IT Data Analytics
BMC Storage Data Management
BMC Performance Manager for WebSphere Business Integration (WBI)
Aternity for BMC End User Experience Management Console and Agents (all versions)
BMC Education Solution Accelerator (ESA)
Moviri Integration for BMC Capacity Optimization
nlyte Enterprise Edition for BMC Software
Seamless Technologies Event Integration for BMC TrueSight Operations Management
BMC Mobile Device Management (MDM)
Sentry Software Integration for BMC Capacity Optimization
Sentry Software Monitoring for BMC TrueSight Operations Management
Sentry Software Adapters for BMC Atrium Orchestrator
SailPoint Provisioning Engine for BMC Software Solutions
SailPoint Compliance Manager for BMC Software Solutions
SailPoint Lifecycle Manager for BMC Software Solutions
Quindell  OS3 Frameworks for BMC Remedy
BMC Cost Analyzer for zEnterprise
BMC Intelligent Capping for zEnterprise
BMC Subsystem Optimization for zEnterprise
BMC Capacity Optimization for Mainframes

 

Products not listed in Table 1 and Table 2 above are still under investigation. Updates on these products will be posted to this page as they become available.
Recommendations:
   1. BMC products are frequently installed in environments that include infrastructure components that embed the OpenSSL library (e.g. Web Servers, Application Servers, Middleware, etc.). Please check with the vendors of these components to ensure they have been patched or that they are not affected by the OpenSSL CVE-2016-0701 vulnerability.

Filter Blog

By date:
By tag: