Vulnerabilities > BMC > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-12-13 | CVE-2016-4322 | Improper Authentication vulnerability in BMC Bladelogic Server Automation Console 8.7.00 BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process. | 7.5 |
2016-12-02 | CVE-2016-9638 | Permissions, Privileges, and Access Controls vulnerability in BMC Patrol 9.13.10.01 In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. | 7.2 |
2013-07-29 | CVE-2013-4945 | SQL Injection vulnerability in BMC Service Desk Express 10.2.1.95 Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx. | 7.5 |
2007-04-22 | CVE-2007-2136 | Unspecified vulnerability in BMC Patrol Perform Agent Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. | 7.5 |
1999-07-13 | CVE-1999-1460 | Unspecified vulnerability in BMC Patrol Agent BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program. | 7.2 |
1998-11-02 | CVE-1999-1459 | Symbolic Link vulnerability in BMC Patrol BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file. | 7.2 |