Vulnerabilities > BMC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-24 | CVE-2015-9257 | Cross-site Scripting vulnerability in BMC Remedy Action Request System BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. | 6.1 |
| 2018-03-12 | CVE-2017-18228 | Cross-site Scripting vulnerability in BMC Remedy Action Request System Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. | 5.4 |
| 2018-03-10 | CVE-2017-18223 | Improper Authentication vulnerability in BMC Remedy Action Request System BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. | 8.1 |
| 2018-01-30 | CVE-2016-6599 | Credentials Management vulnerability in BMC Track-It! 11.3/11.3.0.355/11.4 BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. | 9.8 |
| 2018-01-30 | CVE-2016-6598 | Improper Access Control vulnerability in BMC Track-It! 11.3/11.3.0.355/11.4 BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. | 9.8 |
| 2017-08-28 | CVE-2014-9514 | Cross-site Scripting vulnerability in BMC Footprints Service Core 11.5 Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | 6.1 |
| 2017-08-23 | CVE-2017-13130 | Uncontrolled Search Path Element vulnerability in BMC Patrol mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. | 7.8 |
| 2017-05-02 | CVE-2016-5063 | Improper Authorization vulnerability in BMC Server Automation 8.6/8.7 The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | 5.3 |
| 2016-12-21 | CVE-2016-2349 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in BMC Remedy Action Request System 8.1/9.0/9.1 Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | 7.5 |
| 2016-12-13 | CVE-2016-4322 | Improper Authentication vulnerability in BMC Bladelogic Server Automation Console 8.7.00 BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process. | 9.8 |