Vulnerabilities > BMC

DATE CVE VULNERABILITY TITLE RISK
2023-02-25 CVE-2023-26550 SQL Injection vulnerability in BMC Control-M 9.0.18/9.0.19/9.0.20
A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.
network
low complexity
bmc CWE-89
critical
 9.8
9.8
2022-11-10 CVE-2022-26088 Cross-site Scripting vulnerability in BMC Remedy IT Service Management Suite 20.02
An issue was discovered in BMC Remedy before 22.1.
network
low complexity
bmc CWE-79
5.4
5.4
2022-08-03 CVE-2022-35864 Unspecified vulnerability in BMC Track-It!
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109.
network
low complexity
bmc
6.5
6.5
2022-08-03 CVE-2022-35865 Unspecified vulnerability in BMC Track-It!
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109.
network
low complexity
bmc
critical
 9.8
9.8
2022-02-18 CVE-2022-24047 Improper Authentication vulnerability in BMC Track-It! 20.21.01.102
This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102.
network
low complexity
bmc CWE-287
critical
 9.8
9.8
2021-05-19 CVE-2017-17674 Server-Side Request Forgery (SSRF) vulnerability in BMC Remedy Mid-Tier 9.1
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion.
network
low complexity
bmc CWE-918
critical
 9.8
9.8
2021-05-19 CVE-2017-17675 Information Exposure Through Log Files vulnerability in BMC Remedy Mid-Tier 9.1
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking.
network
low complexity
bmc CWE-532
5.3
5.3
2021-05-19 CVE-2017-17677 Incorrect Permission Assignment for Critical Resource vulnerability in BMC Remedy Mid-Tier 9.1
BMC Remedy 9.1SP3 is affected by authenticated code execution.
network
low complexity
bmc CWE-732
8.8
8.8
2021-05-19 CVE-2017-17678 Cross-site Scripting vulnerability in BMC Remedy Mid-Tier 9.1
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS).
network
low complexity
bmc CWE-79
6.1
6.1
2020-01-15 CVE-2015-5072 Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0
The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.
network
low complexity
bmc CWE-269
6.5
6.5