Latest details from BMC

Last Updated: June 1, 2015 10:05AM CDT

 

BMC Software’s Application Security team is investigating the impact of the Logjam Attack (CVE-2015-4000), described by a group of researchers on a dedicated website on May 20th, on the security posture of BMC products and services.

We will post updates to this webpage with our findings.

In the interim, we suggest that you follow the instructions provided by the researchers who discovered the attack to minimize your exposure.

 

| Products Affected by CVE-2015-4000 | Remediation / Patches |
| --- | --- |
| BMC Bladelogic Server Automation (BSA) 8.6 SP1 | Remediation instructions expected by June 30, 2015 |
| Cloud Lifecycle Manager (CLM) (not including underlying Remedy AR platform) | A knowledge base article with manual steps for remediation will be published by June 15, 2015. The next patch will include the required configuration changes. |
| BMC Atrium Orchestrator (BAO) | Modify the Tomcat server.xml settings on the server side to disable export ciphers. Release 7.8.01 will no longer be affected. |
| BMC Release Package and Deployment (RPD) | Documentation will be updated by June 30, 2015 to include instructions for disabling export ciphers. The next patch will include the required configuration changes. |
| BMC Release Lifecycle Management (RLM) | See RPD, RPM and BSA |

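
The BAO remediation above asks for export ciphers to be disabled in Tomcat's server.xml. As an added example (not BMC's code or documentation), the Python check below audits a server.xml for TLS connectors whose `ciphers` attribute still lists export suites and produces the list with them removed. It assumes the comma-separated JSSE cipher-name form of the attribute, and the sample file is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a generic Tomcat server.xml, not the file BAO ships.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
               SSL_RSA_EXPORT_WITH_RC4_40_MD5"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""


def split_ciphers(value):
    """Split a comma-separated JSSE cipher list, tolerating whitespace and newlines."""
    return [name.strip() for name in value.split(",") if name.strip()]


def without_export(value):
    """Return the cipher list with every export-grade suite removed."""
    return ",".join(c for c in split_ciphers(value) if "EXPORT" not in c.upper())


def audit_connectors(server_xml):
    """Return (port, finding, suites) for each TLS connector that needs attention."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not a TLS connector, so no cipher suites are negotiated
        port, ciphers = conn.get("port", "?"), conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the enabled suites come from the JVM defaults,
            # which this file cannot show and must be checked separately.
            findings.append((port, "no-explicit-cipher-list", []))
            continue
        export = [c for c in split_ciphers(ciphers) if "EXPORT" in c.upper()]
        if export:
            findings.append((port, "export-ciphers-listed", export))
    return findings


if __name__ == "__main__":
    for port, finding, suites in audit_connectors(SAMPLE_SERVER_XML):
        print(port, finding, ", ".join(suites))
```
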
The products listed in Table 2 below are unaffected by CVE-2015-4000.
Products that are unaffected by CVE-2015-4000
BMC Client Management (BCM) (previously Footprints Asset Core)
BMC Bladelogic Decision Support for Server Automation
BMC Bladelogic Decision Support for Network Automation
BMC Bladelogic Decision Support for Database Automation
BMC Bladelogic Network Automation (BNA)
BMC Bladelogic Database Automation (BDA)
BMC Release Process Management (RPM)
BMC Middleware Administration (BMA)
BMC Data Center Automation Portal (DCA Portal)