CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2019-11216 – BMC Smart Reporting 7.3 20180418 XML Injection
https://notcve.org/view.php?id=CVE-2019-11216
04 Dec 2019 — BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed. BMC Smart Reporting versión 7.3 20180418, permite un ataque de tipo XXE autenticado dentro de la funcionalidad import. Se puede importar un archivo XML malicioso y realizar ataques de tipo XXE para desencadenar archivos loca... • http://packetstormsecurity.com/files/155552/BMC-Smart-Reporting-7.3-20180418-XML-Injection.html • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17043
https://notcve.org/view.php?id=CVE-2019-17043
14 Oct 2019 — An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution. Se detectó un problema en BMC Patrol Agent versión 9.0.10i. Los permisos de ejecución débiles en el binario SUID best1collect.exe podrían permitir a un atacante elevar sus privilegios a los del usuario "patrol" al diseñar e... • https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17044
https://notcve.org/view.php?id=CVE-2019-17044
14 Oct 2019 — An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution. Se descubrió un problema en BMC Patrol Agent versión 9.0.10i. Los permisos de ejecución débiles en el binario SUID de PatrolAgent podrían permitir a un atacante con privilegios de "patrol" elevar sus privi... • https://docs.bmc.com/docs/PATROLAgent/11302/notification-of-action-required-by-patrol-agent-users-to-apply-the-security-patch-898411558.html • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16755
https://notcve.org/view.php?id=CVE-2019-16755
26 Sep 2019 — BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected DWP versions: versions: 3.x to 18.x, all versions, service packs, and patches are affected by this vulnerability. Affected SmartIT versions: 1.x, 2.0, 18.05, 18.08, and 19.02, all versions, service packs, and patches are affected by this vulnerability. BMC R... • https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA21O000000gnYQSAY&type=Solution • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2019-1010147
https://notcve.org/view.php?id=CVE-2019-1010147
25 Jul 2019 — Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later. • https://drive.google.com/open?id=1sk5IklziyEggeWpWE4Wyk9xqa30CjNpS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8352 – IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-8352
20 May 2019 — By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network. Por defecto, BMC PATROL Agent hasta el 11.3.01 usa una Clave de Cifrado estática para cifrar / descifrar las credenciales de usuario enviadas a través de la red a los servicios... • https://www.exploit-db.com/exploits/46969 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 8%CPEs: 1EXPL: 2CVE-2018-20735 – BMC Patrol Agent - Privilege Escalation Code Execution Execution
https://notcve.org/view.php?id=CVE-2018-20735
17 Jan 2019 — An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you ... • https://www.exploit-db.com/exploits/46556 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-18862 – BMC Remedy / ITAM 7.1.00 / 9.1.02.003 Information Disclosure
https://notcve.org/view.php?id=CVE-2018-18862
07 Jan 2019 — BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. BMC Remedy Mid-Tier 7.1.00 y 9.1.02.003 para BMC Remedy AR System tiene un control de acceso incorrecto en los formularios ITAM, tal y como queda demostrado por TLS%3APLR-Configuration+Details/Default+Admin+View... • http://packetstormsecurity.com/files/151021/BMC-Remedy-ITAM-7.1.00-9.1.02.003-Information-Disclosure.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19505 – BMC Remedy 7.1 User Impersonation
https://notcve.org/view.php?id=CVE-2018-19505
28 Nov 2018 — Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. En la versión 7.1 de BMC Remedy, Remedy AR System Server podría no lograr establecer el contexto de usuario correcto en determinados escenarios de suplantación, lo que podría permitir a un usuario actuar... • http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2015-9257
https://notcve.org/view.php?id=CVE-2015-9257
24 Mar 2018 — BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. BMC Remedy Action Request (AR) System en versiones 9.0 anteriores a la 9.0.00 Service Pack 2 hot fix 1 contiene Cross-Site Scripting (XSS) persistente. • https://docs.bmc.com/docs/display/public/ars9000/Cross+site+scripting+%28XSS%29+in+Remedy+9.0%2C+9.0+Service+Pack+1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •