Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bmc vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42287
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.
Nvidia Bmc
10
CVSSv2
CVE-2013-4782
The Supermicro BMC implementation allows remote malicious users to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
Supermicro Bmc
NA
CVE-2020-35593
BMC PATROL Agent up to and including 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host.
Bmc Patrol Agent
NA
CVE-2023-34257
An issue exists in BMC Patrol up to and including 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution...
Bmc Patrol Agent
7.5
CVSSv2
CVE-2019-8352
By default, BMC PATROL Agent up to and including 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials ...
Bmc Patrol Agent
1 EDB exploit
7.2
CVSSv2
CVE-2019-17044
An issue exists in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file...
Bmc Patrol Agent 9.0.10i
1 Github repository
NA
CVE-2023-39122
BMC Control-M up to and including 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).
Bmc Control-m
NA
CVE-2017-9453
BMC Server Automation prior to 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
Bmc Server Automation
7.2
CVSSv2
CVE-2018-20735
An issue exists in BMC PATROL Agent up to and including 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent applica...
Bmc Patrol Agent
1 EDB exploit
7.5
CVSSv2
CVE-2007-1972
PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote malicious users to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNM...
Bmc Performance Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »