Vulmon
bmc vulnerabilities and exploits
NA
CVE-2012-2959
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote malicious users to hijack the authentication of administrators for requests that change passwords.
Bmc Identity Management Suite 7.5.00.103
1 EDB exploit
5.3
CVSSv3
CVE-2017-17675
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing a malicious user to hijack the system logs. This data can include user names and HTTP data.
Bmc Remedy Mid-tier 9.1
8.8
CVSSv3
CVE-2017-17677
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
Bmc Remedy Mid-tier 9.1
6.1
CVSSv3
CVE-2014-9514
Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.
Bmc Footprints Service Core 11.5
9.8
CVSSv3
CVE-2017-17674
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code ex...
Bmc Remedy Mid-tier 9.1
NA
CVE-2013-4784
The HP Integrated Lights-Out (iLO) BMC implementation allows remote malicious users to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
Hp Integrated Lights-out Bmc
1 Github repository
6.1
CVSSv3
CVE-2017-17678
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability exists in a legacy utility.
Bmc Remedy Mid-tier 9.1
9.8
CVSSv3
CVE-2016-4322
BMC BladeLogic Server Automation (BSA) prior to 8.7 Patch 3 allows remote malicious users to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.
Bmc Bladelogic Server Automation Console 8.7.00
NA
CVE-2007-0310
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote malicious users to determine valid account names.
Bmc Remedy Action Request System 5.01.02 Patch 1267
4.3
CVSSv3
CVE-2020-2127
Jenkins BMC Release Package and Deployment Plugin 1.1 and previous versions store credentials unencrypted in the plugin's global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
Jenkins Bmc Release Package And Deployment