BmcCVEs & Vulnerabilities

72 CVEs affecting Bmc products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

track-it\! 35patrol agent 24bladelogic server automation console 23remedy action request system 12remedy mid-tier 7control-m\/agent 7performance analysis for servers 5control-m 5
CVE-2016-2349HIGH

Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.

22 Dec 2016
7.5
CVSS
CVE-2016-4322CRITICAL

BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.

13 Dec 2016
9.8
CVSS
CVE-2016-9638HIGH

In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root.

2 Dec 2016
7.8
CVSS
CVE-2016-1543HIGHpoc

The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.

13 Jun 2016
7.5
CVSS
CVE-2016-1542HIGHpoc

The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.

13 Jun 2016
7.5
CVSS
CVE-2014-8270MEDIUM

BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.

12 Dec 2014
5.0
CVSS
CVE-2014-4874MEDIUMpoc

BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.

10 Oct 2014
4.0
CVSS
CVE-2014-4873MEDIUMpoc

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.

10 Oct 2014
6.5
CVSS
CVE-2014-4872HIGHpoc

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.

10 Oct 2014
7.5
CVSS
CVE-2014-2591MEDIUM

Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.

14 May 2014
6.9
CVSS
CVE-2013-4946MEDIUMpoc

Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.

30 Jul 2013
4.3
CVSS
CVE-2013-4945HIGHpoc

Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.

30 Jul 2013
7.5
CVSS
CVE-2012-2959MEDIUMpoc

Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

12 Jun 2012
5.1
CVSS
CVE-2011-0975CRITICAL

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.

10 Feb 2011
10.0
CVSS
CVE-2008-5982CRITICAL

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.

28 Jan 2009
10.0
CVSS
CVE-2007-1972HIGH

PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured

22 Apr 2007
7.5
CVSS
CVE-2007-2136HIGH

Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.

22 Apr 2007
7.5
CVSS
CVE-2007-0310MEDIUM

BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.

18 Jan 2007
5.0
CVSS
CVE-2005-3311LOW

BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

26 Oct 2005
2.1
CVSS
CVE-1999-1460HIGHpoc

BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program.

13 Jul 1999
7.2
CVSS
CVE-1999-0801CRITICAL

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

9 Apr 1999
10.0
CVSS
CVE-1999-0443CRITICAL

Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.

1 Apr 1999
10.0
CVSS
CVE-1999-0921MEDIUM

BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.

1 Apr 1999
5.0
CVSS
CVE-1999-1459HIGH

BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file.

2 Nov 1998
7.2
CVSS
← PrevPage 2 / 2Next →