Skip navigation
Share This:

To provide better quality and organization of information for our customers, BMC has introduced the Quarterly Product Change Notification.

The consolidation of information into one notification quarterly allows the customer to view changes to their products with valuable information including effective dates, end of support dates and migration plans for product renames, product replacements and product withdrawals.

See Product Change Notification (pdf)

Share This:

BMC is announcing the end-of-life for BMC Transaction Monitoring Application Response Timer (also known as TMART), effective March 31, 2019.

Click here to read the end-of-life announcement sent to BMC customers.

Share This:

Last Updated: July 28, 2014 3:00PM CDT

The OpenSSL Security Advisory [05 Jun 2014] ("Advisory") disclosed OpenSSL security vulnerabilities. BMC Software is investigating the impact of the disclosed vulnerabilities to our products and services as well as our customer-facing portals.

The products in Table 1 below have been found to be vulnerable to the disclosed OpenSSL CCS Injection flaw. The planned remediation and expected availability date for each affected product is shown in the table. No products have been found to be vulnerable to the other flaws described in the advisory. This table will be updated as needed as the investigation progresses.

 

ProductRemediation
BMC Bladelogic Decision Support for Server Automation 8.2.x, 8.3.x, and 8.5 (Windows + Linux + Solaris)BDSSA 8.5 SP1 as well as patches for BDSSA 8.2.x, 8.3.x and 8.5 include OpenSSL 1.0.1h.  All patches are available via ftp.
BMC Real End User Experience Monitoring versions 2.5 and 2.5.01 (2.5.64.306 and 2.5.66.300)Upgraded to OpenSSL 1.0.1h in version 2.6 released July 11 (available by EPD)
BMC Real End User Experience Monitoring Hardware Collector versions 2.5 and 2.5.01 (2.5.64.306 and 2.5.66.300)Upgraded to OpenSSL 1.0.1h in version 2.6 released July 11 (available by EPD)
BMC TrueSight End User Monitor 1200 Series versions 2.5 and 2.5.01 (6.5.64.306 and 6.5.66.300)Upgraded to OpenSSL 1.0.1h in version 2.6 released July 11 (available by EPD)
BMC TrueSight End User Monitor 4200 Series versions 2.5 and 2.5.01 (6.5.64.306 and 6.5.66.300)Upgraded to OpenSSL 1.0.1h in version 2.6 released July 11 (available by EPD)
BMC Atrium Discovery and Dependency Mapping 8.3.x, 9.0.x, and 10.0.xUpdated OpenSSL included in OS update released June 20
BMC Atrium Discovery and Dependency Mapping Proxy 9.0.xUpdated OpenSSL included in 9.0 SP3 released July 1
BMC Atrium Discovery and Dependency Mapping Proxy 8.3.x and 10.0.xUpdated OpenSSL will be included in any future releases
BMC Atrium SSOPlease apply the OS update released June 20 to the ADDM appliance
BMC MainView Console Automation
(all versions through 3.2)
For versions 3.1 and 3.2:
a Cumulative SSL Security patch released June 9 addresses this issue; it fixes both the "Heartbleed" vulnerability and those disclosed in June.

 

Customers running earlier releases of MainView Console Automation should upgrade to version 3.2 before the patch can be installed.
BMC Footprints Service Core 11.6.02 and priorUpdated OpenSSL for Tomcat included in the patch released July 16. Detailed remediation steps and a link to the patch are included in this article on the Footprints support site.
Aternity for BMC End User Experience Management Dashboards Server (all versions)Updated OpenSSL included in Patch available July 15

 

Although no other products have been found to be vulnerable to the OpenSSL CCS Injection flaw, some do include older versions of OpenSSL. As a precaution we will be upgrading OpenSSL libraries included in all our supported products as part of their next planned service pack or release, whichever occurs first.

BMC products are frequently installed in environments that include infrastructure components that embed the OpenSSL library (e.g. Web Servers, Application Servers, Middleware, etc.). Please check with the vendors of these components to ensure they have been patched or that they are not affected by the OpenSSL Security Advisory from June 5th.

Please bookmark this page, and check it periodically for the latest details.

Share This:

Renew Support Directly With Aternity

BMC is announcing a change to the process for renewing support for products from Aternity, Inc.

Click here to read the joint communication sent to customers from BMC and Aternity.

Share This:

To provide better quality and organization of information for our customers, BMC has introduced the Quarterly Product Change Notification.

The consolidation of information into one notification quarterly allows the customer to view changes to their products with valuable information including effective dates, end of support dates and migration plans for product renames, product replacements and product withdrawals.

See Product Change Notification (pdf)

Share This:

Latest details from BMC

 

Last Updated: June 2, 2014 4:00PM CDT

 

BMC Software’s Application Security team is investigating the impact that the OpenSSL CVE-2014-0160 vulnerability has on the security posture of BMC products and services.
The products listed in Table 1 below include OpenSSL libraries affected by the OpenSSL CVE-2014-0160 vulnerability.
Products Which Include Affected OpenSSLRemediation / Patches
BMC Atrium Discovery and Dependency Mapping 10.0
BMC Atrium Discovery and Dependency Mapping Proxy 10.0
BMC Atrium Discovery and Dependency Mapping 9.0 RedHat 6
BMC Atrium Discovery and Dependency Mapping Proxy 9.0
Fix available on BMC Electronic Product Distribution

 

Refer to this blog post for details and update instructions
BMC TrueSight Operations Management Suite Server 9.5Patches available from the BMC FTP site(see the readme file for details)
BMC Real End User Experience Monitoring
versions 2.5 and 2.5.01 (2.5.64.306 and 2.5.66.300)
Patch available through deviceupdates

 

See this document for details
BMC Real End User Experience Monitoring Hardware Collector
versions 2.5 and 2.5.01 (2.5.64.306 and 2.5.66.300)
Patch available through deviceupdates

 

See this document for details
BMC TrueSight End User Monitor 1200 Series
versions 2.5 and 2.5.01 (6.5.64.306 and 6.5.66.300)
Patch available through deviceupdates.

 

See this document for details
BMC TrueSight End User Monitor 4200 Series
versions 2.5 and 2.5.01 (6.5.64.306 and 6.5.66.300)
Patch available through deviceupdates

 

See this document for details
Borland Silk Performer Synthetic Transaction Monitoring for BMC Software (Synthetic-EUEM) 15.0Fix available on BMC Electronic Product Distribution
BMC TMART 4.1 SP2, 4.2Fix available on BMC Electronic Product Distribution
BMC Bladelogic Decision Support for Server Automation
8.2.03, 8.2.04, 8.3, 8.3.01
Linux fixes available:
8.2.03, 8.2.04
8.3, 8.3.01

 

Solaris fixes available:
8.2.03, 8.2.04
8.3, 8.3.01

 

Windows versions not affected
BMC Bladelogic Decision Support for Server Automation
8.3.02, 8.3.03, 8.5

Linux fixes available
8.3.02, 8.3.03, 8.5

 

Solaris fixes available
8.3.02, 8.3.03, 8.5

 

Windows fixes available
8.3.02, 8.3.03, 8.5

BMC MainView Console Automation for zEnterprise 3.1, 3.2Fix available on BMC Electronic Product Distribution
Aternity for BMC End User Experience Management Dashboards Server (all versions)Fix available from Aternity

 

Click here for details
Entuity Network Monitoring for BMC TrueSight Operations Management V14.0Fix available from the Entuity web site

 

Please contact BMC Customer Support for access credentials
The products listed in Table 2 below either do not include OpenSSL libraries or include OpenSSL libraries unaffected by the OpenSSL CVE-2014-0160 vulnerability.
Products Which Do Not Include OpenSSLProducts Which Include Unaffected OpenSSL
BMC Atrium OrchestratorBMC Atrium Discovery and Dependency Mapping 9.0 RedHat 5
BMC Cloud Lifecycle ManagementBMC Remedy AR System 8.8
BMC Decision Support for Database AutomationBMC Remedy AR System and ITSM Suite 8.1
BMC Decision Support for Network AutomationBMC Remedy AR System and ITSM Suite 8.0
BMC Release Lifecycle managementBMC Remedy AR System and ITSM Suite 7.6.04
BMC MainView Console Management 2.12 and priorBMC Atrium CMDB
BMC MainView for z/OS solutions
(all products and versions except as shown in Table 1)
BMC Footprints Service Core 11.6.02 and prior
BMC IMS for z/OS solutions
(all products and versions)
BMC Footprints Asset Core/BCM 11.6
BMC DB2 for z/OS solutions
(all products and versions)
BMC Footprints Asset Core/BCM 11.7
BMC Middleware AdministrationBMC Footprints Asset Core/BCM 12
BMC Middleware Management -Transaction Analytics for WebSphere MQ (StatWatch)BMC Remedy OnDemand (based on underlying Remedy and hosting environment tested)
BMC BladeLogic Client AutomationBMC Capacity Optimization and Performance Assurance
BMC AppSightBMC Middleware Management - Performance and Availability
BMC Identity ManagementBMC Middleware Management – Transaction Monitoring
BMC IT Business ManagementBMC TrueSight Operations Management Suite Server 9.0
BMC Network AutomationBMC Control-M 6.4
BMC Service Desk ExpressBMC Control-M 7.0
BMC Service Level ManagementBMC Control-M 8.0
BMC TrackIt!BMC Dashboard and Analytics
BMC MyIT (all versions)BMC Release Process Management
BMC RemedyForce (all versions)BMC Database Automation (BladeLogic)
BMC Footprints Service Core/Renoir 12BMC Server Automation (BladeLogic)
BMC Performance Manager PortalBMC Release Package and Deployment (RPD)
BMC Storage Data ManagementBMC Atrium SSO
BMC Performance Manager for WebSphere Business Integration (WBI)BMC TMART 4.1 (prior to SP2)
Aternity for BMC End User Experience Management Console and Agents (all versions)BMC Bladelogic Decision Support for Server Automation
On Unix: 8.2.00, 8.2.01, 8.2.02
On Windows: 8.2.02, 8.2.03, 8.2.04, 8.3, 8.3.01
BMC Education Solution Accelerator (ESA)BMC Event Manager
Moviri Integration for BMC Capacity OptimizationBMC Patrol Central Web Edition
nlyte Enterprise Edition for BMC SoftwareBMC Application Transaction Tracing
Seamless Technologies Event Integration for BMC TrueSight Operations ManagementBMC Middleware Management - Administration for WebSphere MQ (AppWatch)
BMC Mobile Device Management (MDM) BMC Middleware Monitoring
Sentry Software Integration for BMC Capacity OptimizationEntuity Network Monitoring for BMC TrueSight Operations Management V10.5 and earlier
Sentry Software Monitoring for BMC TrueSight Operations Management BMC Performance Manager for Servers
Sentry Software Adapters for BMC Atrium Orchestrator  BMC PATROL Agent
SailPoint Provisioning Engine for BMC Software Solutions
SailPoint Compliance Manager for BMC Software Solutions
SailPoint Lifecycle Manager for BMC Software Solutions
Quindell  OS3 Frameworks for BMC Remedy

 

Products not listed in Table 1 and Table 2 above are still under investigation. Updates on these products will be posted to this page as they become available.
Recommendations:
   1. In cases where BMC products were deployed in vulnerable environments or they were patched for the OpenSSL CVE-2014-0160 vulnerability – we recommend that you change all administrative passwords and replace all SSL certificates.
   2. BMC products are frequently installed in environments that include infrastructure components that embed the OpenSSL library (e.g. Web Servers, Application Servers, Middleware, etc.). Please check with the vendors of these components to ensure they have been patched or that they are not affected by the OpenSSL CVE-2014-0160 vulnerability.
Share This:

Renew Support Directly With SailPoint

BMC is announcing a change to the process for renewing support for products from SailPoint Technologies.

Click here to read the joint communication sent to customers from BMC and Sailpoint.

Share This:

Extended support available through Symphony Teleca, Inc.

In 2013, BMC announced the release of its next-generation enterprise client automation tool; BMC Client Management. This new solution is based on technology BMC has acquired and enhanced and represents a significant leap forward in capabilities as compared to our current BladeLogic Client Automation products. Furthermore, it takes their place as our go-forward solution for client automation.

 

Accordingly, BMC is announcing the end of life and termination of support for certain BMC BladeLogic Client Automation Products, as detailed in the communication linked below.

Click here to read the communication from BMC.

Share This:

To provide better quality and organization of information for our customers, BMC has introduced the Quarterly Product Change Notification.

The consolidation of information into one notification quarterly allows the customer to view changes to their products with valuable information including effective dates, end of support dates and migration plans for product renames, product replacements and product withdrawals.

See Product Change Notification (pdf)

Share This:

Recently, McAfee published a blog and security alert about a piece of malware targeting electronic point of sale (EPOS) systems. These systems are commonly used in retail businesses as part of the “cash register” to manage credit and debit card transactions. The blog and alert describe actions taken by the malware to disguise itself and obfuscate its activity by masquerading as BMC BladeLogic. This security advisory was developed to help answer questions that may surface after reading the McAfee publication.

 

McAfee’s blog post can be found here:

http://blogs.mcafee.com/mcafee-labs/analyzing-the-target-point-of-sale-malware

The blog contains a link to McAfee’s threat advisory.

Please click here for more details and FAQs.

Share This:

To provide better quality and organization of information for our customers, BMC has introduced the Quarterly Product Change Notification.

The consolidation of information into one notification quarterly allows the customer to view changes to their products with valuable information including effective dates, end of support dates and migration plans for product renames, product replacements and product withdrawals.

See Product Change Notification (pdf)

Share This:

To provide better quality and organization of information for our customers, BMC has introduced the Quarterly Product Change Notification.

The consolidation of information into one notification quarterly allows the customer to view changes to their products with valuable information including effective dates, end of support dates and migration plans for product renames, product replacements and product withdrawals.

See Product Change Notification (pdf)

Share This:

BMC Communities now guide product enhancements

BMC Communities recently launched Ideas, a new crowd-sourcing tool that will provide a forum for customers to suggest enhancements for BMC products.

Ideas is currently implemented for most BMC products with the exception of: Control-M, MainView, Solutions for IMS, Solutions for DB2, and Middleware Management.

Customers who log onto BMC Communities can enter new enhancement requests, vote on, or comment on other customer’s enhancement requests. Customers can also track the status of their requests at any time. The Product Management team monitors the voting on each request so that the most popular requests by customers rise to the top of the enhancement list.

Click here for more details on the Ideas program.

Share This:

To provide better quality and organization of information for our customers, BMC has introduced the Quarterly Product Change Notification.

The consolidation of information into one notification quarterly allows the customer to view changes to their products with valuable information including effective dates, end of support dates and migration plans for product renames, product replacements and product withdrawals.

See Product Change Notification (pdf)

Share This:

Subscribe for Proactive Notification Alerts and receive Product Release and update information via email.

The Proactive Alert process allows you to:

  • Choose information about the specific products you are interested in with your BMC Support Login ID and Password.
  • Receive email alerts based on your product and document type subscription selections.
  • View and modify your subscription selections online.

The following document types are available:

  • Product Flashes
  • Technical Bulletins
  • Release Notes
  • Third-Party Support Bulletins
  • Product Change Notifications
  • Education Updates

To Subscribe for Proactive Alerts, please go to My Support Profile page. Under Proactive Alert Subscriptions, select "Create or Modify Customized Product and Subscription Lists”.

Filter Blog

By date:
By tag: