Vendor CVEs
BMC Software
All CVEs
88 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1606 | | | 0.00 | — | 0.00 | | Mar 18, 2024 | Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to… |
| CVE-2024-1605 | | | 0.00 | — | 0.00 | | Mar 18, 2024 | BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's… |
| CVE-2024-1604 | | | 0.00 | — | 0.00 | | Mar 18, 2024 | Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know… |
| CVE-2020-35593 | | | 0.00 | — | 0.00 | | Sep 5, 2023 | BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. |
| CVE-2023-39122 | | | 0.00 | — | 0.01 | | Jul 31, 2023 | BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). |
| CVE-2023-34258 | | | 0.00 | — | 0.01 | | May 31, 2023 | An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. |
| CVE-2023-34257 | | | 0.00 | — | 0.01 | | May 31, 2023 | An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when… |
| CVE-2023-26550 | | | 0.00 | — | 0.01 | | Feb 25, 2023 | A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. |
| CVE-2022-26088 | | | 0.00 | — | 0.01 | | Nov 10, 2022 | An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of… |
| CVE-2022-35864 | | | 0.00 | — | 0.01 | | Aug 3, 2022 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results… |
| CVE-2022-24047 | | | 0.00 | — | 0.02 | | Feb 18, 2022 | This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from… |
| CVE-2017-17677 | | | 0.00 | — | 0.01 | | May 19, 2021 | BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code. |
| CVE-2017-17675 | | | 0.00 | — | 0.01 | | May 19, 2021 | BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data. |
| CVE-2017-17678 | | | 0.00 | — | 0.01 | | May 19, 2021 | BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility. |
| CVE-2017-17674 | | | 0.00 | — | 0.03 | | May 19, 2021 | BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code… |
| CVE-2019-19215 | | | 0.00 | — | 0.02 | | Apr 30, 2020 | A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server. |
| CVE-2019-19216 | | | 0.00 | — | 0.01 | | Apr 30, 2020 | BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. |
| CVE-2019-19217 | | | 0.00 | — | 0.02 | | Apr 30, 2020 | BMC Control-M/Agent 7.0.00.000 allows OS Command Injection. |
| CVE-2019-19218 | | | 0.00 | — | 0.01 | | Apr 30, 2020 | BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. |
| CVE-2019-19219 | | | 0.00 | — | 0.01 | | Apr 30, 2020 | BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download. |
| CVE-2019-19220 | | | 0.00 | — | 0.02 | | Apr 30, 2020 | BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2). |
| CVE-2015-5071 | | | 0.00 | — | 0.02 | | Jan 15, 2020 | AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. |
| CVE-2015-5072 | | | 0.00 | — | 0.02 | | Jan 15, 2020 | The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. |
| CVE-2019-17043 | | | 0.00 | — | 0.00 | | Oct 14, 2019 | An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during… |
| CVE-2019-17044 | | | 0.00 | — | 0.00 | | Oct 14, 2019 | An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will… |
| CVE-2019-16755 | | | 0.00 | — | 0.03 | | Sep 26, 2019 | BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected DWP versions: versions:… |
| CVE-2018-18862 | | | 0.00 | — | 0.03 | | Mar 17, 2019 | BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/… |
| CVE-2018-19505 | | | 0.00 | — | 0.02 | | Jan 3, 2019 | Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution… |
| CVE-2014-2591 | | | 0.00 | — | 0.01 | | May 14, 2014 | Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. |
| CVE-2007-2136 | | | 0.00 | — | 0.04 | | Apr 22, 2007 | Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. |
| CVE-2007-1972 | | | 0.00 | — | 0.04 | | Apr 22, 2007 | PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP… |
| CVE-2007-0310 | | | 0.00 | — | 0.02 | | Jan 18, 2007 | BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names. |
| CVE-2005-3311 | | | 0.00 | — | 0.00 | | Oct 26, 2005 | BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-1999-1355 | | | 0.00 | — | 0.02 | | Dec 31, 1999 | BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges. |
| CVE-1999-0801 | | | 0.00 | — | 0.02 | | Apr 9, 1999 | BMC Patrol allows remote attackers to gain access to an agent by spoofing frames. |
| CVE-1999-0443 | | | 0.00 | — | 0.02 | | Apr 1, 1999 | Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password. |
| CVE-1999-0921 | | | 0.00 | — | 0.02 | | Apr 1, 1999 | BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. |
| CVE-1999-1459 | | | 0.00 | — | 0.00 | | Nov 2, 1998 | BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file. |
Page 2 of 2