VYPR

Vendor CVEs

BMC Software

All CVEs

88 total · sorted by risk
  • CVE-2016-6599CriJan 30, 2018
    risk 0.68cvss 9.8epss 0.13

    BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and…

  • CVE-2016-6598CriJan 30, 2018
    risk 0.68cvss 9.8epss 0.20

    BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to…

  • CVE-2026-23781CriApr 10, 2026
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API…

  • CVE-2016-4322CriDec 13, 2016
    risk 0.64cvss 9.8epss 0.05

    BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.

  • CVE-2025-71260HigMar 19, 2026
    risk 0.60cvss 8.8epss 0.34

    BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the…

  • CVE-2025-55118HigSep 16, 2025
    risk 0.58cvss 8.9epss 0.00

    Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent…

  • CVE-2016-1542HigJun 13, 2016
    risk 0.58cvss 7.5epss 0.75

    The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.

  • CVE-2026-23780HigApr 10, 2026
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful…

  • CVE-2016-1543HigJun 13, 2016
    risk 0.57cvss 7.5epss 0.72

    The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.

  • CVE-2017-18223HigMar 10, 2018
    risk 0.53cvss 8.1epss 0.01

    BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.

  • CVE-2017-13130HigAug 23, 2017
    risk 0.51cvss 7.8epss 0.00

    mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.

  • CVE-2016-9638HigDec 2, 2016
    risk 0.51cvss 7.8epss 0.00

    In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This…

  • CVE-2026-23782HigApr 10, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations,…

  • CVE-2016-2349HigDec 21, 2016
    risk 0.49cvss 7.5epss 0.01

    Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.

  • CVE-2025-71257HigMar 19, 2026
    risk 0.48cvss 7.3epss 0.04

    BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke…

  • CVE-2018-15528MedAug 21, 2018
    risk 0.40cvss 6.1epss 0.01

    Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared…

  • CVE-2015-9257MedMar 24, 2018
    risk 0.40cvss 6.1epss 0.01

    BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.

  • CVE-2014-9514MedAug 28, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.

  • CVE-2016-5063MedMay 2, 2017
    risk 0.38cvss 5.3epss 0.08

    The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.

  • CVE-2025-55110MedSep 16, 2025
    risk 0.36cvss 5.5epss 0.00

    Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.

  • CVE-2017-18228MedMar 12, 2018
    risk 0.35cvss 5.4epss 0.01

    Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.

  • CVE-2025-55114MedSep 16, 2025
    risk 0.34cvss 5.3epss 0.00

    The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default…

  • CVE-2025-71259MedMar 19, 2026
    risk 0.28cvss 4.3epss 0.13

    BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit…

  • CVE-2025-71258MedMar 19, 2026
    risk 0.28cvss 4.3epss 0.17

    BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL…

  • CVE-2026-0504LowJan 13, 2026
    risk 0.25cvss 3.8epss 0.00

    Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited…

  • CVE-2014-4872Oct 10, 2014
    risk 0.09cvss epss 0.80

    BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2)…

  • CVE-2018-20735Jan 17, 2019
    risk 0.06cvss epss 0.07

    An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent…

  • CVE-2014-8270Dec 12, 2014
    risk 0.05cvss epss 0.20

    BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.

  • CVE-2014-4874Oct 10, 2014
    risk 0.04cvss epss 0.08

    BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.

  • CVE-2019-8352May 20, 2019
    risk 0.03cvss epss 0.06

    By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use…

  • CVE-2014-4873Oct 10, 2014
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.

  • CVE-2013-4946Jul 29, 2013
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter…

  • CVE-2013-4945Jul 29, 2013
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie…

  • CVE-2012-2959Jun 11, 2012
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

  • CVE-1999-1460Jul 13, 1999
    risk 0.03cvss epss 0.01

    BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program.

  • CVE-2021-35002May 7, 2024
    risk 0.01cvss epss 0.02

    BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within…

  • CVE-2022-35865Aug 3, 2022
    risk 0.01cvss epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from…

  • CVE-2011-0975Feb 10, 2011
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00…

  • CVE-2008-5982Jan 27, 2009
    risk 0.01cvss epss 0.08

    Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.

  • CVE-2025-55117Sep 16, 2025
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default…

  • CVE-2025-55116Sep 16, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.

  • CVE-2025-55115Sep 16, 2025
    risk 0.00cvss epss 0.00

    A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.…

  • CVE-2025-55113Sep 16, 2025
    risk 0.00cvss epss 0.00

    If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions),…

  • CVE-2025-55112Sep 16, 2025
    risk 0.00cvss epss 0.00

    Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt…

  • CVE-2025-55111Sep 16, 2025
    risk 0.00cvss epss 0.00

    Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and…

  • CVE-2025-55109Sep 16, 2025
    risk 0.00cvss epss 0.00

    An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed…

  • CVE-2024-34398Mar 12, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.

  • CVE-2024-11597Dec 11, 2024
    risk 0.00cvss epss 0.00

    Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation.

  • CVE-2024-34399Sep 18, 2024
    risk 0.00cvss epss 0.01

    **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer…

  • CVE-2021-35001May 7, 2024
    risk 0.00cvss epss 0.01

    BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw…

Page 1 of 2