CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-18862 – BMC Remedy / ITAM 7.1.00 / 9.1.02.003 Information Disclosure
https://notcve.org/view.php?id=CVE-2018-18862
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. BMC Remedy Mid-Tier 7.1.00 y 9.1.02.003 para BMC Remedy AR System tiene un control de acceso incorrecto en los formularios ITAM, tal y como queda demostrado por TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/ y AR+System+Administration%3A+Server+Information/Default+Admin+View/. BMC Remedy and ITAM versions 7.1.00 and 9.1.02.003 suffer from multiple information disclosure vulnerabilities. • http://packetstormsecurity.com/files/151021/BMC-Remedy-ITAM-7.1.00-9.1.02.003-Information-Disclosure.html http://seclists.org/fulldisclosure/2019/Jan/11 https://docs.bmc.com/docs/ars91/en/release-notes-and-notices-609073037.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19505 – BMC Remedy 7.1 User Impersonation
https://notcve.org/view.php?id=CVE-2018-19505
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. En la versión 7.1 de BMC Remedy, Remedy AR System Server podría no lograr establecer el contexto de usuario correcto en determinados escenarios de suplantación, lo que podría permitir a un usuario actuar con la identidad de otro usuario debido a que userdata.js en el componente WOI:WorkOrderConsole permite una sustitución del nombre de usuario que implica una llamada UserData_Init. An impersonation issue in BMC Remedy version 7.1 may lead to incorrect user context in Remedy AR System Server. • http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html http://seclists.org/fulldisclosure/2018/Nov/62 http://www.securitytracker.com/id/1042177 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2015-9257
https://notcve.org/view.php?id=CVE-2015-9257
BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. BMC Remedy Action Request (AR) System en versiones 9.0 anteriores a la 9.0.00 Service Pack 2 hot fix 1 contiene Cross-Site Scripting (XSS) persistente. • https://docs.bmc.com/docs/display/public/ars9000/Cross+site+scripting+%28XSS%29+in+Remedy+9.0%2C+9.0+Service+Pack+1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18228
https://notcve.org/view.php?id=CVE-2017-18228
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. Remedy Mid Tier en BMC Remedy AR System 9.1 permite Cross-Site Scripting (XSS) mediante el parámetro ATTKey en una petición arsys/servlet/AttachServlet. • https://communities.bmc.com/thread/164169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18223
https://notcve.org/view.php?id=CVE-2017-18223
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. BMC Remedy AR System, en versiones anteriores a la 9.1 SP3, cuando Remedy AR Authentication está habilitado, permite que los atacantes obtengan acceso administrativo. • https://communities.bmc.com/thread/165887 • CWE-287: Improper Authentication •