The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.
References
| Link | Resource |
|---|---|
| https://communities.bmc.com/docs/DOC-77816 | Vendor Advisory |
| https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-15T17:06:03
Updated: 2020-01-15T17:06:03
Reserved: 2015-06-25T00:00:00
Link: CVE-2015-5072
NVD Information
Status: Analyzed
Published: 2020-01-15T18:15:11.683
Modified: 2020-01-24T18:27:36.710
Link: CVE-2015-5072
Redhat Information
No data.
CWE