Vulnerabilities > BMC > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-12 CVE-2017-18228 Cross-site Scripting vulnerability in BMC Remedy Action Request System
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.
network
low complexity
bmc CWE-79
5.4
5.4
2017-08-28 CVE-2014-9514 Cross-site Scripting vulnerability in BMC Footprints Service Core 11.5
Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.
network
low complexity
bmc CWE-79
6.1
6.1
2017-05-02 CVE-2016-5063 Improper Authorization vulnerability in BMC Server Automation 8.6/8.7
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.
network
low complexity
bmc CWE-285
5.3
5.3