CVE-2018-18862

Name of the Vulnerable Software and Affected Versions BMC Remedy Mid-Tier versions 7.1.00 through 9.1.02.003

Description The issue concerns incorrect access control in ITAM forms. Specifically, it affects the following API endpoints: "TLS%3APLR-Configuration+Details/Default+Admin+View/", "AST%3AARServerConnection/Default+Admin+View/", and "AR+System+Administration%3A+Server+Information/Default+Admin+View/". Leaks of username and password can lead to exploitation.

Recommendations For versions 7.1.00 through 9.1.02.003, consider restricting access to the vulnerable ITAM forms and API endpoints until a patch is available. As a temporary workaround, limit the use of default admin views to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.