Remedy AR System Server
by BMC Software
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18223 | | High | 0.53 | 8.1 | 0.01 | | Mar 10, 2018 | BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. |
| CVE-2016-2349 | | High | 0.49 | 7.5 | 0.01 | | Dec 21, 2016 | Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. |
| CVE-2017-18228 | | Medium | 0.35 | 5.4 | 0.01 | | Mar 12, 2018 | Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. |
| CVE-2015-5072 | | | 0.00 | — | 0.02 | | Jan 15, 2020 | The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. |
| CVE-2018-19505 | | | 0.00 | — | 0.02 | | Jan 3, 2019 | Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution… |