bmc vulnerabilities and exploits
5
CVSSv2
CVE-2017-17675
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing a malicious user to hijack the system logs. This data can include user names and HTTP data.
Bmc Remedy Mid-tier 9.1
5.1
CVSSv2
CVE-2012-2959
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote malicious users to hijack the authentication of administrators for requests that change passwords.
Bmc Identity Management Suite 7.5.00.103
1 EDB exploit
7.5
CVSSv2
CVE-2013-4945
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote malicious users to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie par...
Bmc Service Desk Express 10.2.1.95
1 EDB exploit
4.3
CVSSv2
CVE-2013-4946
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote malicious users to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage param...
Bmc Service Desk Express 10.2.1.95
1 EDB exploit
4.3
CVSSv2
CVE-2014-9514
Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.
Bmc Footprints Service Core 11.5
3.5
CVSSv2
CVE-2017-18228
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.
Bmc Remedy Action Request System
10
CVSSv2
CVE-2013-4784
The HP Integrated Lights-Out (iLO) BMC implementation allows remote malicious users to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
Hp Integrated Lights-out Bmc
1 Github repository
4
CVSSv2
CVE-2020-2127
Jenkins BMC Release Package and Deployment Plugin 1.1 and previous versions stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Bmc Release Package And Deployment
2.1
CVSSv2
CVE-2005-3311
BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Bmc Software Control-m Agent 6.1.03
5
CVSSv2
CVE-2007-0310
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote malicious users to determine valid account names.
Bmc Remedy Action Request System 5.01.02 Patch 1267