BMC vulnerabilities (medium risk)

Each entry lists: DATE, CVE, VULNERABILITY TITLE, then the description, the attributes (access vector, attack complexity where given, vendor, CWE where given) and the RISK score.

2018-03-24  CVE-2015-9257  Cross-site Scripting vulnerability in BMC Remedy Action Request System
    BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.
    Access: network | Vendor: bmc | CWE-79 | Risk: 4.3

2018-03-10  CVE-2017-18223  Improper Authentication vulnerability in BMC Remedy Action Request System
    BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
    Access: network | Vendor: bmc | CWE-287 | Risk: 6.8

2017-08-28  CVE-2014-9514  Cross-site Scripting vulnerability in BMC Footprints Service Core 11.5
    Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.
    Access: network | Vendor: bmc | CWE-79 | Risk: 4.3

2017-05-02  CVE-2016-5063  Improper Authorization vulnerability in BMC Server Automation
    The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.
    Access: network, low complexity | Vendor: bmc | CWE-285 | Risk: 5.0

2016-12-21  CVE-2016-2349  Weak Password Recovery Mechanism for Forgotten Password vulnerability in BMC Remedy Action Request System 8.1/9.0/9.1
    Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.
    Access: network, low complexity | Vendor: bmc | CWE-640 | Risk: 5.0

2016-06-13  CVE-2016-1543  Improper Access Control vulnerability in BMC BladeLogic Server Automation Console
    The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
    Access: network, low complexity | Vendor: bmc | CWE-284 | Risk: 5.0

2016-06-13  CVE-2016-1542  Improper Input Validation vulnerability in BMC BladeLogic Server Automation Console
    The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
    Access: network, low complexity | Vendor: bmc | CWE-20 | Risk: 5.0

2014-05-14  CVE-2014-2591  Privilege Escalation vulnerability in BMC Patrol Agent 3.9.00
    Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.
    Access: local | Vendor: bmc | Risk: 6.9

2013-07-29  CVE-2013-4946  Cross-Site Scripting vulnerability in BMC Service Desk Express 10.2.1.95
    Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
    Access: network | Vendor: bmc | CWE-79 | Risk: 4.3

2012-06-11  CVE-2012-2959  Cross-Site Request Forgery (CSRF) vulnerability in BMC Identity Management Suite 7.5.00.103
    Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
    Access: network, high complexity | Vendor: bmc | CWE-352 | Risk: 5.1