Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.
7AI Score
0.007EPSS
7.3AI Score
0.009EPSS
BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.
7AI Score
0.012EPSS
BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program.
6.9AI Score
0.0004EPSS
BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
6.9AI Score
0.0004EPSS
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
6.7AI Score
0.01EPSS
PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the v...
7.7AI Score
0.146EPSS
Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.
8.1AI Score
0.281EPSS
Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.
7.9AI Score
0.309EPSS
Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capac...
8.4AI Score
0.215EPSS
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
7.3AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.as...
8.8AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
5.9AI Score
0.004EPSS
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.
6.7AI Score
0.001EPSS
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
9.5AI Score
0.957EPSS
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
7.9AI Score
0.003EPSS
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
6.2AI Score
0.001EPSS
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.
8AI Score
0.021EPSS
6.1CVSS
6.1AI Score
0.001EPSS
AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet.
6.5CVSS
6.2AI Score
0.001EPSS
The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.
6.5CVSS
6.2AI Score
0.001EPSS
BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.
6.1CVSS
6.3AI Score
0.001EPSS
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
7.5CVSS
7.4AI Score
0.339EPSS
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
7.5CVSS
7.4AI Score
0.339EPSS
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.
7.5CVSS
7.4AI Score
0.002EPSS
BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.
9.8CVSS
10AI Score
0.005EPSS
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.
5.3CVSS
5.1AI Score
0.029EPSS
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web...
9.8CVSS
9.8AI Score
0.01EPSS
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the d...
9.8CVSS
9.4AI Score
0.005EPSS
In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to e...
7.8CVSS
7.4AI Score
0.0004EPSS
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.
7.8CVSS
7.5AI Score
0.0004EPSS
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).
9.8CVSS
9.6AI Score
0.006EPSS
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.
5.3CVSS
5.3AI Score
0.003EPSS
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
8.8CVSS
8.7AI Score
0.005EPSS
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility.
6.1CVSS
6AI Score
0.001EPSS
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
8.1CVSS
8AI Score
0.003EPSS
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.
5.4CVSS
5.2AI Score
0.001EPSS
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
9.8CVSS
9.7AI Score
0.001EPSS
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/...
8.8CVSS
8.7AI Score
0.004EPSS
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_I...
6.5CVSS
6.3AI Score
0.001EPSS
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if t...
7.8CVSS
8AI Score
0.08EPSS
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typica...
5.4CVSS
5.3AI Score
0.001EPSS
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed.
6.5CVSS
6.3AI Score
0.01EPSS
BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected DWP versions: versions: 3.x to 18.x, all vers...
9.8CVSS
9.6AI Score
0.012EPSS
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution.
7.8CVSS
7.6AI Score
0.0004EPSS
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during exe...
7.8CVSS
7.6AI Score
0.001EPSS
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or...
9.8CVSS
9.7AI Score
0.002EPSS
BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host.
7.8CVSS
7.5AI Score
0.0004EPSS
BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the Ge...
3.1CVSS
3.4AI Score
0.0005EPSS
BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of em...
8.8CVSS
9.1AI Score
0.0005EPSS