Vulnerabilities > BMC > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-05 CVE-2017-9453 Incorrect Authorization vulnerability in BMC Server Automation 8.6/8.7
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
network
low complexity
bmc CWE-863
critical
9.8
2023-07-31 CVE-2023-39122 SQL Injection vulnerability in BMC Control-M
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter.
network
low complexity
bmc CWE-89
critical
9.8
2023-05-31 CVE-2023-34257 Unspecified vulnerability in BMC Patrol Agent
An issue was discovered in BMC Patrol through 23.1.00.
network
low complexity
bmc
critical
9.8
2023-02-25 CVE-2023-26550 SQL Injection vulnerability in BMC Control-M
A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.
network
low complexity
bmc CWE-89
critical
9.8
2018-01-30 CVE-2016-6598 Improper Access Control vulnerability in BMC Track-It! 11.4
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010.
network
low complexity
bmc CWE-284
critical
10.0
2011-02-10 CVE-2011-0975 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in BMC products
Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.
network
low complexity
bmc CWE-119
critical
10.0
2009-01-27 CVE-2008-5982 USE of Externally-Controlled Format String vulnerability in BMC Patrol Agent
Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.
network
low complexity
bmc CWE-134
critical
10.0
1999-04-09 CVE-1999-0801 Unspecified vulnerability in BMC Patrol Agent 3.2.3
BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.
network
low complexity
bmc
critical
10.0
1999-04-01 CVE-1999-0443 Unspecified vulnerability in BMC Patrol Agent 3.2.3
Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.
network
low complexity
bmc
critical
10.0