Vulnerabilities > BMC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-07 | CVE-2021-35001 | Missing Authorization vulnerability in BMC Track-It! BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. | 6.5 |
| 2024-05-07 | CVE-2021-35002 | Unrestricted Upload of File with Dangerous Type vulnerability in BMC Track-It! BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. | 8.8 |
| 2024-03-18 | CVE-2024-1604 | Authorization Bypass Through User-Controlled Key vulnerability in BMC Control-M 9.0.20/9.0.20.214/9.0.21 Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. | 6.8 |
| 2024-03-18 | CVE-2024-1605 | Incorrect Default Permissions vulnerability in BMC Control-M 9.0.20/9.0.20.214/9.0.21 BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. | 7.8 |
| 2024-03-18 | CVE-2024-1606 | Unspecified vulnerability in BMC Control-M 9.0.20/9.0.20.214/9.0.21 Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. | 5.4 |
| 2023-09-05 | CVE-2020-35593 | Unspecified vulnerability in BMC Patrol Agent BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. | 7.8 |
| 2023-09-05 | CVE-2017-9453 | Incorrect Authorization vulnerability in BMC Server Automation 8.6/8.7 BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | 9.8 |
| 2023-07-31 | CVE-2023-39122 | SQL Injection vulnerability in BMC Control-M BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. | 9.8 |
| 2023-05-31 | CVE-2023-34257 | Unspecified vulnerability in BMC Patrol Agent An issue was discovered in BMC Patrol through 23.1.00. | 9.8 |
| 2023-05-31 | CVE-2023-34258 | Missing Encryption of Sensitive Data vulnerability in BMC Patrol 9.13.10.01 An issue was discovered in BMC Patrol before 22.1.00. | 7.5 |