PT-2016-5126 · Bmc · Bmc Remedy Ar System Server
Bhushan Nikam
·
Publicado
2016-12-21
·
Atualizado
2017-07-27
·
CVE-2016-2349
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
BMC Remedy AR System Server versions 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1
Description
The issue allows attackers to reset arbitrary passwords by providing a blank previous password.
Recommendations
For versions 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1, consider restricting access to password reset functionality until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bmc Remedy Ar System Server