This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
MyIT Self Service
MyIT 2.2.00/Smart IT 1.0 SP1, MyIT 2.5.00/Smart IT 1.1.00, MyIT 2.6.00/Smart IT 1.2.00, MyIT 3.0/SmartIT 1.3
Problem Summary: Apache Commons Library deserialization vulnerability
BMC Software’s Application Security team is investigating the impact that the Apache Commons Library deserialization vulnerability has on the security posture of BMC products and services. The vulnerability has been described by various parties in multiple places (see FoxGlove Security's post and the Dark Reading article for examples) and enables code execution via the InvokerTransformer class.
The vulnerability has been assigned more than one CVE-ID via inclusion in products released by IBM (CVE-2015-7450) and Oracle (CVE-2015-4852).
Hotfixes are available to fix the reported issue. Please contact BMC Support to request the hotfix for your version.