MyIT/SmartIT Fix for Apache Commons Deserialization Vulnerability

Version 2

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    MyIT Self Service




    MyIT 2.2.00/Smart IT 1.0 SP1, MyIT 2.5.00/Smart IT 1.1.00, MyIT 2.6.00/Smart IT 1.2.00, MyIT 3.0/SmartIT 1.3


    Problem Summary: Apache Commons Library deserialization vulnerability

    BMC Software’s Application Security team is investigating the impact that the Apache Commons Library deserialization vulnerability has on the security posture of BMC products and services. The vulnerability has been described by various parties in multiple places (see FoxGlove Security's post and the darkreading article for examples) and enables code execution via the InvokerTransformer class.
    The vulnerability has been assigned more than one CVE-ID via inclusion in products released by IBM (CVE-2015-7450) and Oracle (CVE-2015-4852).
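
    As an added example (not BMC's code and not part of the knowledge article), the Python below inventories where the InvokerTransformer class named above is packaged inside a deployment, including JARs nested in WAR/EAR files. The class paths are the Apache Commons Collections 3.x and 4.x package names, the directory to scan is supplied by the caller, and the reported version is a best-effort read of the archive manifest. A hit shows only that the library is present, not that it is reachable or that a hotfix is missing.

```python
import io
import zipfile
from pathlib import Path

# Class named in the advisory; package paths for commons-collections 3.x and 4.x.
TARGETS = (
    "org/apache/commons/collections/functors/InvokerTransformer.class",
    "org/apache/commons/collections4/functors/InvokerTransformer.class",
)
ARCHIVE_EXTS = (".jar", ".war", ".ear")


def _manifest_version(zf):
    """Best-effort Implementation-Version from the archive's manifest."""
    try:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in text.splitlines():
        if line.lower().startswith("implementation-version:"):
            return line.split(":", 1)[1].strip()
    return None


def scan_archive(data, label, depth=0, max_depth=3):
    """Return [(location, class_path, version)], recursing into nested archives."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # corrupt or non-zip file with an archive extension
    with zf:
        version = _manifest_version(zf)
        for name in zf.namelist():
            if name in TARGETS:
                hits.append((label, name, version))
            elif name.lower().endswith(ARCHIVE_EXTS) and depth < max_depth:
                hits += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return hits


def scan_tree(root):
    """Scan every .jar/.war/.ear under root (the install directory is an assumption)."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXTS:
            hits += scan_archive(path.read_bytes(), str(path))
    return hits
```

    Call `scan_tree()` on the application server's deployment directory and review each reported location against the hotfix status for that installation.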




    Hotfixes are available to fix the reported issue. Please contact BMC Support to obtain the hotfix for your version.

    BMC SmartIT
    BMC MyIT
    MyIT 2.2.00_Hotfix_03022016
    MyIT 2.5.00_Hotfix_03022016
    MyIT 2.6.00_Hotfix_03022016
    MyIT 3.0.00_Hotfix_03022016


    Article Type: Solutions to a Product Problem
