2 matches found
CVE-2015-5072
The CVE-2015-5072 entry concerns BMC Remedy AR System Server’s BIRT Engine Mid Tier prior to 9.0 SP1, where the BIRT Engine servlet could be exploited by remote authenticated users to navigate to arbitrary local files via the __imageid parameter. The issue is caused by a file inclusion/control pa...
Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting
Enigmail: ????? ????? ????????? ?? ???? ??????????? ??? ????????? Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself. This is NOT the case, but...