6 matches found
CVE-2013-4946
CVE-2013-4946 concerns multiple XSS vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95. The affected component is the web interface, with input vectors in three parameters: SelTab (QV_admin.aspx), CallBack (QV_grid.aspx), and HelpPage (commonhelp.aspx). The root cause is cross-site scrip...
CVE-2013-4945
CVE-2013-4945 affects BMC Service Desk Express (SDE) version 10.2.1.95, where multiple SQL injection flaws allow remote attackers to inject arbitrary SQL through cookies (ASPSESSIONIDASSRATTQ, TABLE_WIDGET_1, TABLE_WIDGET_2, browserDateTimeInfo, browserNumberInfo) or the UID parameter to login.as...
Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Affected Product: BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Timeline: 07 June 2013 - Vulnerability found 12 June 2013 - Vendor informed 17 June 2013 -...
BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities
BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Affected Product: BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Timeline: 07 June 2013 -...
BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Affected Product: BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Timeline: 07 June 2013 - Vulnerability found 12 June 2013 - Vendor informed 17 June 2013 -...
BMC Service Desk Express 10.2.1.95 XSS / SQL Injection
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Affected Product: BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Timeline: 07 June 2013 - Vulnerability found 12 June 2013 - Vendor informed 17 June 2013 -...