Vulmon
bmc vulnerabilities and exploits
6.5
CVSSv2
CVE-2017-17677
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
Bmc Remedy Mid-tier 9.1
6.5
CVSSv2
CVE-2020-26122
Inspur NF5266M5 up to and including 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the...
Inspur Nf8480m5 Firmware
Inspur Nf8260m5 Firmware
Inspur Ns5162m5 Firmware
Inspur Ns5488m5 Firmware
Inspur Ns5484m5 Firmware
Inspur Ns5482m5 Firmware
Inspur Nf5280m5 Firmware
Inspur Nf5468m5 Firmware
Inspur Nf5488m5-d Firmware
Inspur Nf5180m5 Firmware
Inspur Nf5270m5 Firmware
Inspur Nf5260m5 Firmware
Inspur Nf5266m5 Firmware
Inspur Nf5466m5 Firmware
Inspur Nf5486m5 Firmware
6.5
CVSSv2
CVE-2018-18862
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/...
Bmc Remedy Action Request System 9.1.02.003
Bmc Remedy Mid-tier 7.1.00
6.5
CVSSv2
CVE-2018-9086
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
Lenovo Thinkserver Rd340 Firmware
Lenovo Thinkserver Rd440 Firmware
Lenovo Thinkserver Rd640 Firmware
Lenovo Thinkserver Td340 Firmware
6.5
CVSSv2
CVE-2014-4873
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
Bmc Track-it! 11.3.0.355
1 EDB exploit
6.5
CVSSv2
CVE-2006-3827
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and previous versions allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.
Kailash Nadh Boastmachine 2.5
Kailash Nadh Boastmachine 2.7
Kailash Nadh Boastmachine 2.8
Kailash Nadh Boastmachine 2.9b
Kailash Nadh Boastmachine 3.1
6.4
CVSSv2
CVE-2019-4169
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
Ibm Open Power Op910
Ibm Open Power Op920
6.2
CVSSv2
CVE-2012-4096
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574.
Cisco Unified Computing System -
6
CVSSv2
CVE-2019-19215
A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote malicious users to have unspecified impact via vectors related to the configured IP address or SMTP s...
Bmcsoftware Control-m/agent 7.0.00.000
5.8
CVSSv2
CVE-2021-0070
Improper input validation in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.
Intel Efi Bios 7215