Vulnerabilities > BMC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-15 | CVE-2015-5071 | Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0 AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | 6.5 |
| 2019-12-04 | CVE-2019-11216 | Unrestricted Upload of File with Dangerous Type vulnerability in BMC Remedy Smart Reporting BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. | 6.5 |
| 2019-10-14 | CVE-2019-17044 | Incorrect Default Permissions vulnerability in BMC Patrol Agent 9.0.10I An issue was discovered in BMC Patrol Agent 9.0.10i. | 7.8 |
| 2019-10-14 | CVE-2019-17043 | Incorrect Default Permissions vulnerability in BMC Patrol Agent 9.0.10I An issue was discovered in BMC Patrol Agent 9.0.10i. | 7.8 |
| 2019-09-26 | CVE-2019-16755 | Deserialization of Untrusted Data vulnerability in BMC Myit Digital Workplace BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. | 9.8 |
| 2019-07-26 | CVE-2019-1010147 | Cross-site Scripting vulnerability in multiple products Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. | 5.4 |
| 2019-05-20 | CVE-2019-8352 | Use of Hard-coded Credentials vulnerability in BMC Patrol Agent By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. | 9.8 |
| 2019-03-21 | CVE-2018-18862 | Forced Browsing vulnerability in BMC Remedy Action Request System and Remedy Mid-Tier BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. | 8.8 |
| 2019-01-17 | CVE-2018-20735 | Improper Authentication vulnerability in BMC Patrol Agent An issue was discovered in BMC PATROL Agent through 11.3.01. | 7.8 |
| 2019-01-03 | CVE-2018-19505 | Improper Authentication vulnerability in BMC Remedy Action Request System Server 7.1 Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | 6.5 |