Vulnerabilities > BMC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-24 | CVE-2015-9257 | Cross-site Scripting vulnerability in BMC Remedy Action Request System BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. | 4.3 |
| 2018-03-10 | CVE-2017-18223 | Improper Authentication vulnerability in BMC Remedy Action Request System BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. | 6.8 |
| 2017-08-28 | CVE-2014-9514 | Cross-site Scripting vulnerability in BMC Footprints Service Core 11.5 Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | 4.3 |
| 2017-05-02 | CVE-2016-5063 | Improper Authorization vulnerability in BMC Server Automation The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | 5.0 |
| 2016-12-21 | CVE-2016-2349 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in BMC Remedy Action Request System 8.1/9.0/9.1 Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | 5.0 |
| 2016-06-13 | CVE-2016-1543 | Improper Access Control vulnerability in BMC Bladelogic Server Automation Console The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure. | 5.0 |
| 2016-06-13 | CVE-2016-1542 | Improper Input Validation vulnerability in BMC Bladelogic Server Automation Console The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure. | 5.0 |
| 2014-05-14 | CVE-2014-2591 | Privilege Escalation vulnerability in BMC Patrol Agent 3.9.00 Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. local bmc | 6.9 |
| 2013-07-29 | CVE-2013-4946 | Cross-Site Scripting vulnerability in BMC Service Desk Express 10.2.1.95 Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx. | 4.3 |
| 2012-06-11 | CVE-2012-2959 | Cross-Site Request Forgery (CSRF) vulnerability in BMC Identity Management Suite 7.5.00.103 Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords. | 5.1 |