File Inclusion Vulnerability in BMC Remedy AR System Mid Tier
CVE-2015-5072

6.5MEDIUM

Key Information:

Vendor

Bmc

Status
Remedy Ar System Server
Vendor
CVE Published:
15 January 2020

What is CVE-2015-5072?

The BIRT Engine servlet in the AR System Mid Tier component of BMC Remedy AR System Server prior to version 9.0 SP1 contains a file inclusion vulnerability. This flaw allows remote authenticated users to access arbitrary files on the server by exploiting the __imageid parameter, potentially exposing sensitive information and compromising the system's integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://communities.bmc.com/docs/DOC-77816
x_refsource_CONFIRM
https://packetstormsecurity.com/files/133689/BMC-Remedy-A...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.