BMC Software has identified and fixed Mid Tier vulnerabilities including Remote Code Execution and Reflected Cross-site Scripting.
All versions, service packs, and patches of Remedy Mid Tier 9.0, 9.1, 18.05, 18.08, 19.02, and 19.08 are affected by these vulnerabilities.
No action is required for SaaS customers (Remedy OnDemand / BMC Helix ITSM).
For more information about these issues and the resolution, see the following links:
Thanks to Raphaël Arrouas and Stephane Grundschober for responsibly disclosing some of these vulnerabilities to BMC.
R&D Sr. Program Manager