BMC Software has identified a security vulnerability (CVE-2018-19647) that could allow a remote, unauthenticated attacker to gain arbitrary code execution as the system user. The exposure is limited to scenarios where an attacker is on the same network as Remedy AR System and has the capability to bypass standard network based defenses such as firewalls.
All service packs and patches of Remedy AR System 9.x and 18.x versions are affected by this vulnerability.
BMC strongly recommends that customers who have installed Remedy AR System 9.x or 18.x apply this hot fix.
Hot fixes for the affected versions are available at the following links:
Remedy AR System 18.08.01 (the fix will be made available shortly)