VYPR
Vendor

BMC Software

BMC Software, Inc. is an American multinational information technology (IT) services and consulting, and enterprise software company. In 2025, the company's Helix product was spun off into the independent IT service and operations-focused company BMC Helix. Both companies are owned by KKR and based in Houston, Texas.

Founded: 1980
Products: 30
CVEs: 88 (102 across products)
Status: Private

Recent CVEs (88 total)

  • CVE-2016-6599 | Critical | Jan 30, 2018
    Risk 0.68 | CVSS 9.8 | EPSS 0.13

    BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and…

  • CVE-2016-6598 | Critical | Jan 30, 2018
    Risk 0.68 | CVSS 9.8 | EPSS 0.20

    BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to…

  • CVE-2026-23781 | Critical | Apr 10, 2026
    Risk 0.64 | CVSS 9.8 | EPSS 0.00

    An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API…

  • CVE-2016-4322 | Critical | Dec 13, 2016
    Risk 0.64 | CVSS 9.8 | EPSS 0.05

    BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.

  • CVE-2025-71260 | High | Mar 19, 2026
    Risk 0.60 | CVSS 8.8 | EPSS 0.34

    BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the…

  • CVE-2025-55118 | High | Sep 16, 2025
    Risk 0.58 | CVSS 8.9 | EPSS 0.00

    Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent…

  • CVE-2016-1542 | High | Jun 13, 2016
    Risk 0.58 | CVSS 7.5 | EPSS 0.75

    The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.

  • CVE-2026-23780 | High | Apr 10, 2026
    Risk 0.57 | CVSS 8.8 | EPSS 0.00

    An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful…

  • CVE-2016-1543 | High | Jun 13, 2016
    Risk 0.57 | CVSS 7.5 | EPSS 0.72

    The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.

  • CVE-2017-18223 | High | Mar 10, 2018
    Risk 0.53 | CVSS 8.1 | EPSS 0.01

    BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.

  • CVE-2017-13130 | High | Aug 23, 2017
    Risk 0.51 | CVSS 7.8 | EPSS 0.00

    mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.

  • CVE-2016-9638 | High | Dec 2, 2016
    Risk 0.51 | CVSS 7.8 | EPSS 0.00

    In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This…

  • CVE-2026-23782 | High | Apr 10, 2026
    Risk 0.49 | CVSS 7.5 | EPSS 0.00

    An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations,…

  • CVE-2016-2349 | High | Dec 21, 2016
    Risk 0.49 | CVSS 7.5 | EPSS 0.01

    Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.

  • CVE-2025-71257 | High | Mar 19, 2026
    Risk 0.48 | CVSS 7.3 | EPSS 0.04

    BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke…

  • CVE-2018-15528 | Medium | Aug 21, 2018
    Risk 0.40 | CVSS 6.1 | EPSS 0.01

    Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared…

  • CVE-2015-9257 | Medium | Mar 24, 2018
    Risk 0.40 | CVSS 6.1 | EPSS 0.01

    BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.

  • CVE-2014-9514 | Medium | Aug 28, 2017
    Risk 0.40 | CVSS 6.1 | EPSS 0.01

    Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.

  • CVE-2016-5063 | Medium | May 2, 2017
    Risk 0.38 | CVSS 5.3 | EPSS 0.08

    The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.

  • CVE-2025-55110 | Medium | Sep 16, 2025
    Risk 0.36 | CVSS 5.5 | EPSS 0.00

    Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.