VYPR

Remedy AR System Server

by BMC Software

CVEs (5)

  • CVE-2017-18223 | High | Mar 10, 2018
    risk 0.53 | cvss 8.1 | epss 0.01

    BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.

  • CVE-2016-2349 | High | Dec 21, 2016
    risk 0.49 | cvss 7.5 | epss 0.01

    Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.

  • CVE-2017-18228 | Medium | Mar 12, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.

  • CVE-2015-5072 | Jan 15, 2020
    risk 0.00 | cvss | epss 0.02

    The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.

  • CVE-2018-19505 | Jan 3, 2019
    risk 0.00 | cvss | epss 0.02

    Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution…