Filtered by vendor Bmc
Subscriptions
Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11216 | 1 Bmc | 1 Remedy Smart Reporting | 2024-11-21 | 6.5 Medium |
| BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed. | ||||
| CVE-2019-1010147 | 2 Bmc, Yellowfinbi | 2 Remedy Smart Reporting, Yellowfin Bi | 2024-11-21 | N/A |
| Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later. | ||||
| CVE-2018-20735 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | N/A |
| An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration | ||||
| CVE-2018-19505 | 1 Bmc | 1 Remedy Action Request System Server | 2024-11-21 | N/A |
| Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | ||||
| CVE-2018-18862 | 1 Bmc | 2 Remedy Action Request System, Remedy Mid-tier | 2024-11-21 | N/A |
| BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. | ||||
| CVE-2017-9453 | 1 Bmc | 1 Server Automation | 2024-11-21 | 9 Critical |
| BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | ||||
| CVE-2017-18228 | 1 Bmc | 1 Remedy Action Request System | 2024-11-21 | N/A |
| Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. | ||||
| CVE-2017-18223 | 1 Bmc | 1 Remedy Action Request System | 2024-11-21 | N/A |
| BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. | ||||
| CVE-2017-17678 | 1 Bmc | 1 Remedy Mid-tier | 2024-11-21 | 6.1 Medium |
| BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility. | ||||
| CVE-2017-17677 | 1 Bmc | 1 Remedy Mid-tier | 2024-11-21 | 8.8 High |
| BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code. | ||||
| CVE-2017-17675 | 1 Bmc | 1 Remedy Mid-tier | 2024-11-21 | 5.3 Medium |
| BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data. | ||||
| CVE-2017-17674 | 1 Bmc | 1 Remedy Mid-tier | 2024-11-21 | 9.8 Critical |
| BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). | ||||
| CVE-2017-13130 | 1 Bmc | 1 Patrol | 2024-11-21 | N/A |
| mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. | ||||
| CVE-2016-6599 | 1 Bmc | 1 Track-it\! | 2024-11-21 | N/A |
| BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments. | ||||
| CVE-2016-6598 | 1 Bmc | 1 Track-it\! | 2024-11-21 | N/A |
| BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM. | ||||
| CVE-2016-5063 | 1 Bmc | 1 Server Automation | 2024-11-21 | N/A |
| The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | ||||
| CVE-2015-9257 | 1 Bmc | 1 Remedy Action Request System | 2024-11-21 | N/A |
| BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. | ||||
| CVE-2015-5072 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 6.5 Medium |
| The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | ||||
| CVE-2015-5071 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 6.5 Medium |
| AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | ||||
| CVE-2014-9514 | 1 Bmc | 1 Footprints Service Core | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | ||||