An SQL injection vulnerability has been identified in BMC's Remedy Action Request product. This vulnerability can affect the confidentiality and integrity of the application data. BMC has released a hotfix (ftp://ftp.bmc.com/pub/ARRecommendedFixes/SecurityVulnerabiltyFixes/) to patch this vulnerability. We strongly recommend that BMC customers apply this hotfix to address the vulnerability.
BMC would like to thank Spyridon Chatzimichail (https://www.linkedin.com/in/spyridon-chatzimichail-07467928/) for responsibly disclosing the vulnerability and helping us to further harden our products.