Follow these instructions if you are a BMC customer
BMC customers should follow your established support process to report security vulnerabilities, as you would any other concern. Following the customer support process will help us prioritize your report and understand its context.
To expedite handling of the vulnerability please include:
- Your name, email, and phone number
- BMC product name (e.g., TrueSight Server Automation)
- BMC product version (preferably the full version and patch level, e.g., v.9.8.01 SP1)
- Detailed description of the vulnerability with steps to reproduce its discovery
- Detailed steps to exploit the vulnerability (if available)
- Applicable CVEs, hostnames, and IP addresses (for vulnerabilities related to infrastructure)