Bmc · Bmc Remedy Ar System Server · CVE-2016-2349
**Name of the Vulnerable Software and Affected Versions**
BMC Remedy AR System Server versions 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1
**Description**
The issue allows attackers to reset arbitrary passwords by providing a blank previous password.
**Recommendations**
For versions 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1, consider restricting access to password reset functionality until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.