BMC Performance Manager Portal vulnerable to the .NET framework - CVE-2015-1673 - MS15-048 - Microsoft - .NET Framework - Privilege Escalation Issue

Version 7

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Performance Manager Portal


    COMPONENT:

    BMC PM Portal


    APPLIES TO:

    BMC Performance Manager Portal



    QUESTION:

    Is Portal vulnerable to the .NET framework - CVE-2015-1673 - MS15-048 - Microsoft - .NET Framework - Privilege Escalation Issue?

    Overview

    The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability."

    Applies To:

    BMC Performance Manager Portal 2.10.01 and below


    ANSWER:

     

    Legacy ID: KA428580

      

    This is an open vulnerability in BMC Performance Manager Portal 2.10 or lower. There is no workaround.
    The recommendation is to upgrade to BMC Performance Manager Portal 2.11.00, which uses newer versions of Apache and Tomcat that are not affected.

    JDK update for Portal and RSM: jdk-1.7.0_21-b11 or later (currently evaluating JDK 1.8)
    Windows 2012 and Windows 2012 R (SE and DE) support for Portal and RSM
    Using Common Installer Framework (CIF) instead of Install Anywhere
    AES-256 bit encryption and SHA-256 algorithm support to encrypt portal user credentials, monitored element credentials, and integrated component credentials (CMDB, LDAP)
    Tomcat 2.26
    Apache 2.2.7

      
    Related Products:

    1. BMC Portal - Original
    2. BMC Performance Manager Portal

     


    Article Number:

    000020291


    Article Type:

    FAQ/Procedural


