Vulnerabilities > BMC > Remedy Action Request System > 9.0.00.002

DATE CVE VULNERABILITY TITLE RISK
2018-03-24 CVE-2015-9257 Cross-site Scripting vulnerability in BMC Remedy Action Request System
BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.
network
low complexity
bmc CWE-79
6.1
6.1
2018-03-12 CVE-2017-18228 Cross-site Scripting vulnerability in BMC Remedy Action Request System
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.
network
low complexity
bmc CWE-79
5.4
5.4
2018-03-10 CVE-2017-18223 Improper Authentication vulnerability in BMC Remedy Action Request System
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
network
high complexity
bmc CWE-287
8.1
8.1