Vulnerabilities > BMC > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-09-05 | CVE-2017-9453 | Incorrect Authorization vulnerability in BMC Server Automation 8.6/8.7 | BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. | network, low complexity, bmc CWE-863, critical, 9.8 |
| 2023-07-31 | CVE-2023-39122 | SQL Injection vulnerability in BMC Control-M | BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. | network, low complexity, bmc CWE-89, critical, 9.8 |
| 2023-05-31 | CVE-2023-34257 | Unspecified vulnerability in BMC Patrol Agent | An issue was discovered in BMC Patrol through 23.1.00. | network, low complexity, bmc, critical, 9.8 |
| 2023-02-25 | CVE-2023-26550 | SQL Injection vulnerability in BMC Control-M 9.0.18/9.0.19/9.0.20 | A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. | network, low complexity, bmc CWE-89, critical, 9.8 |
| 2022-08-03 | CVE-2022-35865 | Unspecified vulnerability in BMC Track-It! | This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. | network, low complexity, bmc, critical, 9.8 |
| 2022-02-18 | CVE-2022-24047 | Improper Authentication vulnerability in BMC Track-It! 20.21.01.102 | This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. | network, low complexity, bmc CWE-287, critical, 9.8 |
| 2021-05-19 | CVE-2017-17674 | Server-Side Request Forgery (SSRF) vulnerability in BMC Remedy Mid-Tier 9.1 | BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. | network, low complexity, bmc CWE-918, critical, 9.8 |
| 2019-09-26 | CVE-2019-16755 | Deserialization of Untrusted Data vulnerability in BMC Myit Digital Workplace | BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote command execution on the operating system running the targeted application. | network, low complexity, bmc CWE-502, critical, 9.8 |
| 2019-05-20 | CVE-2019-8352 | Use of Hard-coded Credentials vulnerability in BMC Patrol Agent | By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. | network, low complexity, bmc CWE-798, critical, 9.8 |
| 2018-01-30 | CVE-2016-6599 | Credentials Management vulnerability in BMC Track-It! 11.3/11.3.0.355/11.4 | BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. | network, low complexity, bmc CWE-255, critical, 9.8 |