Vulnerabilities > BMC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-07 | CVE-2021-35001 | Unspecified vulnerability in BMC Track-It! BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. | 6.5 |
| 2024-03-18 | CVE-2024-1604 | Authorization Bypass Through User-Controlled Key vulnerability in BMC Control-M 9.0.20/9.0.20.214/9.0.21 Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. | 6.8 |
| 2024-03-18 | CVE-2024-1606 | Unspecified vulnerability in BMC Control-M 9.0.20/9.0.20.214/9.0.21 Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. | 5.4 |
| 2022-11-10 | CVE-2022-26088 | Cross-site Scripting vulnerability in BMC Remedy IT Service Management Suite 20.02 An issue was discovered in BMC Remedy before 22.1. | 5.4 |
| 2022-08-03 | CVE-2022-35864 | Unspecified vulnerability in BMC Track-It! This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. | 6.5 |
| 2021-05-19 | CVE-2017-17675 | Information Exposure Through Log Files vulnerability in BMC Remedy Mid-Tier 9.1 BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. | 5.3 |
| 2021-05-19 | CVE-2017-17678 | Cross-site Scripting vulnerability in BMC Remedy Mid-Tier 9.1 BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). | 6.1 |
| 2020-01-15 | CVE-2015-5072 | Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0 The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | 6.5 |
| 2020-01-15 | CVE-2015-5071 | Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0 AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | 6.5 |
| 2019-12-04 | CVE-2019-11216 | Unrestricted Upload of File with Dangerous Type vulnerability in BMC Remedy Smart Reporting BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. | 6.5 |