What is CVE-2019-11216?

CVE-2019-11216 is a vulnerability in BMC Smart Reporting 7.3 20180418 that allows authenticated XXE attacks within the import functionality.

What is the severity of CVE-2019-11216?

The severity of CVE-2019-11216 is medium with a CVSS score of 6.5.

Which software versions are affected by CVE-2019-11216?

The affected software versions include Bmc Remedy Smart Reporting 9.1.03.001 to 9.1.03, 9.1.04.002 to 9.1.04, 18.05.05 to 18.05, and 19.02.01 to 19.02.

What can an attacker do with CVE-2019-11216?

An attacker can perform XXE attacks to download local files from the server or launch DoS attacks with XML expansion attacks.

How can I mitigate the vulnerability in CVE-2019-11216?

To mitigate the vulnerability, it is recommended to upgrade to a fixed version of BMC Smart Reporting.

Vulnerability/
CVE-2019-11216

medium

6.5

CWE

434 611

4/12/2019

4/8/2024

CVE-2019-11216: Malicious File Upload

First published: Wed Dec 04 2019(Updated: )

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Bmc Remedy Smart Reporting	>=9.1.03<=9.1.03.001
Bmc Remedy Smart Reporting	>=9.1.04<=9.1.04.002
Bmc Remedy Smart Reporting	>=18.05<=18.05.05
Bmc Remedy Smart Reporting	>=19.02<=19.02.01

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-11216?
CVE-2019-11216 is a vulnerability in BMC Smart Reporting 7.3 20180418 that allows authenticated XXE attacks within the import functionality.
What is the severity of CVE-2019-11216?
The severity of CVE-2019-11216 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2019-11216?
The affected software versions include Bmc Remedy Smart Reporting 9.1.03.001 to 9.1.03, 9.1.04.002 to 9.1.04, 18.05.05 to 18.05, and 19.02.01 to 19.02.
What can an attacker do with CVE-2019-11216?
An attacker can perform XXE attacks to download local files from the server or launch DoS attacks with XML expansion attacks.
How can I mitigate the vulnerability in CVE-2019-11216?
To mitigate the vulnerability, it is recommended to upgrade to a fixed version of BMC Smart Reporting.

collector/nvd-index
agent/author
agent/references
agent/weakness
agent/severity
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/bmc
canonical/bmc remedy smart reporting
version/bmc remedy smart reporting/9.1.03
version/bmc remedy smart reporting/9.1.03.001
version/bmc remedy smart reporting/9.1.04
version/bmc remedy smart reporting/9.1.04.002
version/bmc remedy smart reporting/18.05
version/bmc remedy smart reporting/18.05.05
version/bmc remedy smart reporting/19.02
version/bmc remedy smart reporting/19.02.01

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.