Vulnerabilities > BMC > High

DATE CVE VULNERABILITY TITLE RISK
2016-12-13 CVE-2016-4322 Improper Authentication vulnerability in BMC Bladelogic Server Automation Console 8.7.00
BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.
network
low complexity
bmc CWE-287
7.5
2016-12-02 CVE-2016-9638 Permissions, Privileges, and Access Controls vulnerability in BMC Patrol 9.13.10.01
In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit.
local
low complexity
bmc CWE-264
7.2
2013-07-29 CVE-2013-4945 SQL Injection vulnerability in BMC Service Desk Express 10.2.1.95
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.
network
low complexity
bmc CWE-89
7.5
2007-04-22 CVE-2007-2136 Unspecified vulnerability in BMC Patrol Perform Agent
Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.
network
low complexity
bmc
7.5
1999-07-13 CVE-1999-1460 Unspecified vulnerability in BMC Patrol Agent
BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program.
local
low complexity
bmc
7.2
1998-11-02 CVE-1999-1459 Symbolic Link vulnerability in BMC Patrol
BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file.
local
low complexity
bmc
7.2