Vulnerabilities > BMC > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2019-07-26 | CVE-2019-1010147 | Cross-site Scripting vulnerability in multiple products | Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. | 5.4 (network, low complexity; yellowfinbi, bmc; CWE-79) |
| 2019-01-03 | CVE-2018-19505 | Improper Authentication vulnerability in BMC Remedy Action Request System Server 7.1 | Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | 6.5 (network, low complexity; bmc; CWE-287) |
| 2018-03-24 | CVE-2015-9257 | Cross-site Scripting vulnerability in BMC Remedy Action Request System | BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. | 6.1 (network, low complexity; bmc; CWE-79) |
| 2018-03-12 | CVE-2017-18228 | Cross-site Scripting vulnerability in BMC Remedy Action Request System | Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. | 5.4 (network, low complexity; bmc; CWE-79) |
| 2017-08-28 | CVE-2014-9514 | Cross-site Scripting vulnerability in BMC Footprints Service Core 11.5 | Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | 6.1 (network, low complexity; bmc; CWE-79) |
| 2017-05-02 | CVE-2016-5063 | Improper Authorization vulnerability in BMC Server Automation 8.6/8.7 | The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | 5.3 (network, low complexity; bmc; CWE-285) |