Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bmc vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2017-13130
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.
Bmc Patrol -
641
VMScore
CVE-2016-9638
In BMC Patrol prior to 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "vi...
Bmc Patrol
NA
CVE-2023-26550
A SQL injection vulnerability in BMC Control-M prior to 9.0.20.214 allows malicious users to execute arbitrary SQL commands via the memname JSON field.
Bmc Control-m
511
VMScore
CVE-2016-5063
The RSCD agent in BMC Server Automation prior to 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote malicious users to bypass authorization checks and make an RPC call via unspecified vectors.
Bmc Server Automation
2 EDB exploits
2 Github repositories
668
VMScore
CVE-2007-1972
PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote malicious users to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNM...
Bmc Performance Manager
NA
CVE-2023-34257
An issue exists in BMC Patrol up to and including 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution...
Bmc Patrol Agent
755
VMScore
CVE-2019-8352
By default, BMC PATROL Agent up to and including 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials ...
Bmc Patrol Agent
1 EDB exploit
641
VMScore
CVE-2019-17044
An issue exists in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file...
Bmc Patrol Agent 9.0.10i
1 Github repository
NA
CVE-2017-9453
BMC Server Automation prior to 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
Bmc Server Automation
NA
CVE-2023-39122
BMC Control-M up to and including 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).
Bmc Control-m
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »