CVE-2015-5071
First published: Wed Jan 15 2020(Updated: )
AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BMC Remedy AR System Server | =8.0 | |
| BMC Remedy AR System Server | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID is CVE-2015-5071.
What is the severity of CVE-2015-5071?
The severity of CVE-2015-5071 is medium with a CVSS score of 6.5.
What is the affected software for CVE-2015-5071?
The affected software for CVE-2015-5071 is BMC Remedy AR System Server versions 8.0 and 9.0.
How can remote authenticated users exploit CVE-2015-5071?
Remote authenticated users can exploit CVE-2015-5071 by navigating to arbitrary files using the __report parameter of the BIRT viewer servlet.
Are there any references for CVE-2015-5071?
Yes, you can find references for CVE-2015-5071 at the following links: [Reference 1](https://communities.bmc.com/docs/DOC-77816) and [Reference 2](https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html).
- collector/nvd-index
- agent/references
- agent/event
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/bmc
- canonical/bmc remedy ar system server
- version/bmc remedy ar system server/8.0
- version/bmc remedy ar system server/9.0