An unspecified vulnerability in both the BMC Digital Workplace and Remedy with Smart IT components can permit remote attackers to perform pre-authentication remote command execution on the operating system of the targeted system.

BMC Software has identified an unauthenticated Remote Code Execution security vulnerability in BMC Digital Workplace and Remedy with Smart IT.

BMC Digital Workplace versions 3.x to 18.x: all versions, service packs, and patches are affected by this vulnerability. No action is required if you are using BMC Digital Workplace 19.02 or later.

Remedy with Smart IT versions 1.x, 2.0, 18.05, 18.08, and 19.02: all versions, service packs, and patches are affected by this vulnerability. For versions 1.4 or lower, you must upgrade to Smart IT version 2.0 Patch 2. If you need patches for 1.5, 1.5.01 & 1.6, please contact BMC Customer Support. No action is required if you are using Smart IT 2.0 Patch 2 or Smart IT 19.08.
This knowledge article may contain information that does not apply to version 21.05 or later, which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers.

BMC has released a fix for BMC Digital Workplace and Remedy with Smart IT.

Internal Defect: DRIIT-35018
CVE details: CVE-2019-16755

BMC strongly recommends that all customers using BMC Digital Workplace and Remedy with Smart IT, as outlined in the versions above, apply this hotfix.

Remedy with Smart IT:
BMC Digital Workplace:
No action is required if you are using BMC Digital Workplace 19.02 or later.

No action is required for SaaS customers. This refers to Remedy as a Service (RaaS), Helix ITSM, or BMC Helix Digital Workplace.

Remedy product line cumulative hot fixes: refer to KA#000164912 (you must be logged into Support Central to view the KA).

Thanks to Jerome Nokin for responsibly disclosing this vulnerability.