Vulnerabilities > BMC

DATE | CVE | VULNERABILITY TITLE | RISK

2020-01-15 | CVE-2015-5072 | Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0 | 4.0
The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.
network | low complexity | bmc | CWE-269

2020-01-15 | CVE-2015-5071 | Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0 | 4.0
AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet.
network | low complexity | bmc | CWE-269

2019-12-04 | CVE-2019-11216 | Unrestricted Upload of File With Dangerous Type vulnerability in BMC Remedy Smart Reporting | 5.5
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality.
network | low complexity | bmc | CWE-434

2019-10-14 | CVE-2019-17044 | Incorrect Default Permissions vulnerability in BMC Patrol Agent 9.0.10i | 7.2
An issue was discovered in BMC Patrol Agent 9.0.10i.
local | low complexity | bmc | CWE-276

2019-10-14 | CVE-2019-17043 | Incorrect Default Permissions vulnerability in BMC Patrol Agent 9.0.10i | 4.6
An issue was discovered in BMC Patrol Agent 9.0.10i.
local | low complexity | bmc | CWE-276

2019-09-26 | CVE-2019-16755 | Deserialization of Untrusted Data vulnerability in BMC MyIT Digital Workplace | 7.5
BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote command execution on the operating system running the targeted application.
network | low complexity | bmc | CWE-502

2019-07-26 | CVE-2019-1010147 | Cross-Site Scripting vulnerability in multiple products | 3.5
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation.

2019-05-20 | CVE-2019-8352 | Cryptographic Issues vulnerability in BMC Patrol Agent | 7.5
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services.
network | low complexity | bmc | CWE-310

2019-03-21 | CVE-2018-18862 | Forced Browsing vulnerability in BMC Remedy Action Request System and Remedy Mid-Tier | 6.5
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/.
network | low complexity | bmc | CWE-425

2019-01-17 | CVE-2018-20735 | Improper Authentication vulnerability in BMC Patrol Agent | 7.2
** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11.3.01.
local | low complexity | bmc | CWE-287