CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. • https://communities.bmc.com/thread/164169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. • https://communities.bmc.com/thread/165887 • CWE-287: Improper Authentication

CVSS: 5.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names. • http://osvdb.org/31658 • http://secunia.com/advisories/23775 • http://securityreason.com/securityalert/2162 • http://securitytracker.com/id?1017515 • http://www.alighieri.org/advisories/advisory-remedy50102.txt • http://www.securityfocus.com/archive/1/456949/100/0/threaded • http://www.securityfocus.com/archive/1/457078/100/0/threaded • http://www.securityfocus.com/bid/22066 • http://www.vupen.com/english/advisories/2007/0204 • https://exchange.xforce.ibmcloud.com/vulnerabilities/31527