Vulnerabilities > BMC > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-23 | CVE-2017-13130 | Uncontrolled Search Path Element vulnerability in BMC Patrol mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. | 7.8 |
| 2016-12-21 | CVE-2016-2349 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in BMC Remedy Action Request System 8.1/9.0/9.1 Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | 7.5 |
| 2016-12-02 | CVE-2016-9638 | Permissions, Privileges, and Access Controls vulnerability in BMC Patrol 9.13.10.01 In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. | 7.8 |
| 2016-06-13 | CVE-2016-1543 | Improper Access Control vulnerability in BMC Bladelogic Server Automation Console The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure. | 7.5 |
| 2016-06-13 | CVE-2016-1542 | Improper Input Validation vulnerability in BMC Bladelogic Server Automation Console The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure. | 7.5 |