Vulnerabilities > BMC > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-09-05 | CVE-2017-9453 | Incorrect Authorization vulnerability in BMC Server Automation 8.6/8.7 | BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | 9.8 |
2023-07-31 | CVE-2023-39122 | SQL Injection vulnerability in BMC Control-M | BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. | 9.8 |
2023-05-31 | CVE-2023-34257 | Unspecified vulnerability in BMC Patrol Agent | An issue was discovered in BMC Patrol through 23.1.00. | 9.8 |
2023-02-25 | CVE-2023-26550 | SQL Injection vulnerability in BMC Control-M 9.0.18/9.0.19/9.0.20 | A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. | 9.8 |
2022-08-03 | CVE-2022-35865 | Unspecified vulnerability in BMC Track-It! | This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. | 9.8 |
2022-02-18 | CVE-2022-24047 | Improper Authentication vulnerability in BMC Track-It! 20.21.01.102 | This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. | 9.8 |
2021-05-19 | CVE-2017-17674 | Server-Side Request Forgery (SSRF) vulnerability in BMC Remedy Mid-Tier 9.1 | BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. | 9.8 |
2019-09-26 | CVE-2019-16755 | Deserialization of Untrusted Data vulnerability in BMC Myit Digital Workplace | BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote command execution on the operating system running the targeted application. | 9.8 |
2019-05-20 | CVE-2019-8352 | Use of Hard-coded Credentials vulnerability in BMC Patrol Agent | By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. | 9.8 |
2018-01-30 | CVE-2016-6599 | Credentials Management vulnerability in BMC Track-It! 11.3/11.3.0.355/11.4 | BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. | 9.8 |