Vulnerabilities > BMC > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-11-10 | CVE-2022-26088 | Cross-site Scripting vulnerability in BMC Remedy IT Service Management Suite 20.02 | An issue was discovered in BMC Remedy before 22.1. | network | low complexity | bmc | CWE-79 | 5.4 |
| 2021-05-19 | CVE-2017-17675 | Information Exposure Through Log Files vulnerability in BMC Remedy Mid-Tier 9.1 | BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. | network | low complexity | bmc | CWE-532 | 5.0 |
| 2021-05-19 | CVE-2017-17677 | Incorrect Permission Assignment for Critical Resource vulnerability in BMC Remedy Mid-Tier 9.1 | BMC Remedy 9.1SP3 is affected by authenticated code execution. | network | low complexity | bmc | CWE-732 | 6.5 |
| 2021-05-19 | CVE-2017-17678 | Cross-site Scripting vulnerability in BMC Remedy Mid-Tier 9.1 | BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). | network | | bmc | CWE-79 | 4.3 |
| 2020-01-15 | CVE-2015-5072 | Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0 | The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | network | low complexity | bmc | CWE-269 | 4.0 |
| 2020-01-15 | CVE-2015-5071 | Improper Privilege Management vulnerability in BMC Remedy AR System Server 8.0/9.0 | AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | network | low complexity | bmc | CWE-269 | 4.0 |
| 2019-12-04 | CVE-2019-11216 | Unrestricted Upload of File with Dangerous Type vulnerability in BMC Remedy Smart Reporting | BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. | network | low complexity | bmc | CWE-434 | 5.5 |
| 2019-10-14 | CVE-2019-17043 | Incorrect Default Permissions vulnerability in BMC Patrol Agent 9.0.10I | An issue was discovered in BMC Patrol Agent 9.0.10i. | local | low complexity | bmc | CWE-276 | 4.6 |
| 2019-03-21 | CVE-2018-18862 | Forced Browsing vulnerability in BMC Remedy Action Request System and Remedy Mid-Tier | BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. | network | low complexity | bmc | CWE-425 | 6.5 |
| 2019-01-03 | CVE-2018-19505 | Improper Authentication vulnerability in BMC Remedy Action Request System Server 7.1 | Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | network | low complexity | bmc | CWE-287 | 4.0 |