14 matches found
EUVD-2017-8835
Malware in sbrugna...
CVE-2018-18862
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+Vie...
CVE-2024-34398
The CVE-2024-34398 entry concerns BMC Remedy Mid Tier 7.6.04 where the web application is vulnerable to stored HTML injection. The vulnerability is triggered by authenticated remote attackers and has a CVSS v3.1 base score of 4.2 (Medium). The underlying impact is limited to confidentiality and i...
CVE-2024-34399
UNSUPPORTED WHEN ASSIGNED An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version...
CVE-2024-34399
CVE-2024-34399 affects BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker can access any user account without a password, implying high impact to confidentiality, integrity, and availability as described. The impact is noted as total in the referenced metrics, with a CVSS3.1 base scor...
CVE-2024-34399
UNSUPPORTED WHEN ASSIGNED An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version...
CVE-2017-17674
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery SSRF, or remote code execution RCE...
CVE-2017-17678
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting XSS. A DOM-based cross-site scripting vulnerability was discovered in a legacy utility...
Server side request forgery (ssrf)
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery SSRF, or remote code execution RCE...
Cross site scripting
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting XSS. A DOM-based cross-site scripting vulnerability was discovered in a legacy utility...
CVE-2017-17675
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data...
PT-2021-8567
Name of the Vulnerable Software and Affected Versions BMC Remedy Mid Tier version 9.1SP3 Description The system is affected by remote and local file inclusion due to a lack of restrictions on targeted files. This can lead to attacks such as system fingerprinting, internal port scanning, Server Si...
CVE-2018-18862
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+Vie...
PT-2019-9651 · Bmc · Bmc Remedy Mid Tier
Name of the Vulnerable Software and Affected Versions: BMC Remedy Mid-Tier versions 7.1.00 through 9.1.02.003 Description: The issue concerns incorrect access control in ITAM forms. Specifically, it affects the following API endpoints: "TLS%3APLR-Configuration+Details/Default+Admin+View/",...