Vulnerabilities > BMC > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-05 | CVE-2017-9453 | Incorrect Authorization vulnerability in BMC Server Automation 8.6/8.7 BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | 9.8 |
2023-07-31 | CVE-2023-39122 | SQL Injection vulnerability in BMC Control-M BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. | 9.8 |
2023-05-31 | CVE-2023-34257 | Unspecified vulnerability in BMC Patrol Agent An issue was discovered in BMC Patrol through 23.1.00. | 9.8 |
2023-02-25 | CVE-2023-26550 | SQL Injection vulnerability in BMC Control-M A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. | 9.8 |
2018-01-30 | CVE-2016-6598 | Improper Access Control vulnerability in BMC Track-It! 11.4 BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. | 10.0 |
2011-02-10 | CVE-2011-0975 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in BMC products Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768. | 10.0 |
2009-01-27 | CVE-2008-5982 | USE of Externally-Controlled Format String vulnerability in BMC Patrol Agent Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message. | 10.0 |
1999-04-09 | CVE-1999-0801 | Unspecified vulnerability in BMC Patrol Agent 3.2.3 BMC Patrol allows remote attackers to gain access to an agent by spoofing frames. | 10.0 |
1999-04-01 | CVE-1999-0443 | Unspecified vulnerability in BMC Patrol Agent 3.2.3 Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password. | 10.0 |