MyIT/SmartIT Fix for Apache Commons Deserialization Vulnerability

Version 1

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    MyIT Self Service


    COMPONENT:

    MyIT


    APPLIES TO:

    MyIT 2.2.00/Smart IT 1.0 SP1, MyIT 2.5.00/Smart IT 1.1.00, MyIT 2.6.00/Smart IT 1.2.00, MyIT 3.0/SmartIT 1.3



    PROBLEM:

    Problem Summary: Apache Commons Library deserialization vulnerability

    https://communities.bmc.com/blogs/application-security-news/2015/12/14/apache-commons-deserialization-vulnerability


    BMC Software’s Application Security team is investigating the impact that the Apache Commons Library deserialization vulnerability has on the security posture of BMC products and services. The vulnerability has been described by various parties in multiple places (see FoxGlove Security's post and the darkreading article for examples) and enables code execution via the InvokerTransformer class.
    The vulnerability has been assigned more than one CVE-ID via inclusion in products released by IBM (CVE-2015-7450) and Oracle (CVE-2015-4852).
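
To confirm which deployed archives bundle the InvokerTransformer class named above, an inventory check such as the following can be run before and after applying a hotfix. It is an added example, not BMC code: the function names, the nesting limit and the sample WAR are constructed for illustration. A hit only shows that the class is packaged in that archive and should be reviewed against the hotfix level.

```python
import io
import zipfile

# Class file paths for InvokerTransformer in Commons Collections 3.x and 4.x.
TARGETS = (
    "org/apache/commons/collections/functors/InvokerTransformer.class",
    "org/apache/commons/collections4/functors/InvokerTransformer.class",
)
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 4  # assumed limit, guards against pathological nesting


def find_invoker_transformer(data, label, depth=0):
    """Return 'outer!/inner!/class' paths for every hit inside an archive."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, skip it
    with zf:
        for name in zf.namelist():
            if name in TARGETS:
                hits.append(f"{label}!/{name}")
            elif name.lower().endswith(ARCHIVE_EXT) and depth < MAX_DEPTH:
                # Web applications bundle libraries as jars inside the WAR.
                hits += find_invoker_transformer(
                    zf.read(name), f"{label}!/{name}", depth + 1)
    return hits


def build_sample_war():
    """Constructed sample: a WAR with one jar holding the class, one without."""
    def make_zip(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for entry, content in entries.items():
                z.writestr(entry, content)
        return buf.getvalue()
    flagged = make_zip({TARGETS[0]: b"\xca\xfe\xba\xbe"})
    clean = make_zip({"com/example/Util.class": b"\xca\xfe\xba\xbe"})
    return make_zip({"WEB-INF/lib/commons-collections.jar": flagged,
                     "WEB-INF/lib/other.jar": clean,
                     "WEB-INF/web.xml": b"<web-app/>"})


if __name__ == "__main__":
    for hit in find_invoker_transformer(build_sample_war(), "sample.war"):
        print(hit)
```

To scan a real deployment, read each archive file as bytes and pass it to `find_invoker_transformer` with its path as the label.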
     

     

     


    SOLUTION:

    Hotfixes are available to fix the reported issue. Please contact BMC Support to obtain the hotfix for your version.
     

                              
    BMC SmartIT
    BMC MyIT
     
    MyIT 2.2.00_Hotfix_03022016
    MyIT 2.5.00_Hotfix_03022016
    MyIT 2.6.00_Hotfix_03022016
    MyIT 3.0.00_Hotfix_03022016

     


    Article Number:

    000105133


    Article Type:

    Solutions to a Product Problem


