11 Replies Latest reply on Jun 22, 2017 9:09 AM by John Weigand

    Remedy AR System 9.x Security Vulnerability Hot Fix

    John Weigand

      Remedy AR System 9.x Security Vulnerability Hot Fix
      BMC Software has identified a security vulnerability where, under certain circumstances, an unauthorized user could gain administrative access to a Remedy AR System platform. This vulnerability can only be exploited when Remedy AR Authentication is enabled. All service packs and patches of Remedy AR System 9.x versions below Remedy AR System 9.1 SP3 are affected by this vulnerability. Remedy AR System 9.1 SP3 is not affected. BMC strongly recommends that customers who have installed Remedy AR System 9.x apply this hot fix. Hot fixes for the affected versions are available at the following links:

       

      VersionHot Fix Date
      Remedy AR System 9.0April 25, 2017
      Remedy AR System 9.0 SP1May 18, 2017
      Remedy AR System 9.1May 12, 2017
      Remedy AR System 9.1 SP2 Patch 3May 11, 2017

       

      Note
      Any hot fix you have applied with a date more recent than noted above means that your system is protected and no action is necessary.

       

      The FTP URL to the hot fixes is: ftp://ftp.bmc.com/pub/ARRecommendedFixes/SecurityVulnerabiltyFixes

       

      Best regards,
      John Weigand
      R&D Program Manager, BMC Software