BMC Performance Manager Portal vulnerable to the  .NET framework - CVE-2015-1673 - MS15-048 - Microsoft - .NET Framework - Privilege Escalation Issue

Version 7
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    BMC Performance Manager Portal


    BMC PM Portal


    BMC Performance Manager Portal


    Is Portal vulnerable to the .NET framework - CVE-2015-1673 - MS15-048 - Microsoft - .NET Framework - Privilege Escalation Issue


    The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability."

    Applies To:

    BMC Performance Manager Portal 2.10.01 and below



    Legacy ID:KA428580


    This is an open vulnerability in BMC Performance Manager Portal 2.10 or lower. There is no workaround.
    The recommendation is to upgrade to BMC Performance Manager Portal 2.11.00 which uses newer versions of Apache and Tomcat which are not affected.

    JDK update Portal and RSM : jdk-1.7.0_21-b11 or later (Currently evaluating JDK 1.8)
    Windows 2012 and Window 2012 R (SE and DE) support for Portal and RSM
    Using Common Installer Framework (CIF) instead of Install Anywhere
    AES-256 bit encryption and SHA-256 algorithm support to encrypt portal user credentials and monitored element credentials and integrated components credentials (CMDB, LDAP)
    Tomcat 2.26
    Apache 2.2.7

    Related Products:  
    1. BMC Portal - Original
    3. BMC Performance Manager Portal
    5. BMC Portal - Original


    Article Number:


    Article Type:


      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles