PT-2019-12192 · Bmc · Bmc Smart Reporting

David Herrero · Published 2019-12-04 · Updated 2019-12-13 · CVE-2019-11216

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: BMC Smart Reporting version 7.3 20180418

Description: The issue allows authenticated XXE (XML External Entity) attacks within the import functionality. It can be exploited by importing a malicious XML file, enabling the attacker to download local files from the server or to cause a Denial of Service (DoS) through XML entity expansion. Both XXE with direct response and Out-of-Band (OOB) XXE attacks are possible.

Recommendations: For BMC Smart Reporting version 7.3 20180418, consider temporarily disabling the import functionality until a patch is available. Restrict access to the import feature to minimize the risk of exploitation, and do not import untrusted XML files until the issue is resolved. At the moment there is no information about a newer version that fixes this vulnerability.

Tags: Exploit · XXE · Unrestricted File Upload


Weakness Enumeration

Related Identifiers: CVE-2019-11216

Affected Products: Bmc Smart Reporting