CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34399
https://notcve.org/view.php?id=CVE-2024-34399
18 Sep 2024 — An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version for this vulnerability is 7.6.04 only. **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. • https://www.gruppotim.it/it/footer/red-team.html • CWE-287: Improper Authentication •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1606 – HTML injection in BMC Control-M
https://notcve.org/view.php?id=CVE-2024-1606
18 Mar 2024 — Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200. La falta de sanitización de entradas en las ramas 9.0.20 y 9.0.21 de BMC Control-M p... • https://cert.pl/en/posts/2024/03/CVE-2024-1604 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1605 – DLL side-loading in BMC Control-M
https://notcve.org/view.php?id=CVE-2024-1605
18 Mar 2024 — BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. BMC Control-M ramificaciones 9.0.20 y 9.0.21 al iniciar sesión el usuario carga todas las librerías de víncu... • https://cert.pl/en/posts/2024/03/CVE-2024-1604 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1604 – Incorrect authorization in BMC Control-M
https://notcve.org/view.php?id=CVE-2024-1604
18 Mar 2024 — Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. La autorización inadecuada en el módulo de creación y ges... • https://cert.pl/en/posts/2024/03/CVE-2024-1604 • CWE-639: Authorization Bypass Through User-Controlled Key CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9453
https://notcve.org/view.php?id=CVE-2017-9453
05 Sep 2023 — BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. BMC Server Automation anterior a 8.9.01 parche 1 permite la ejecución del comando Process Spawner debido a la omisión de autenticación. • https://docs.bmc.com/docs/serverautomation/2002/notification-of-critical-security-issue-in-bmc-server-automation-cve-2017-9453-1020706453.html • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35593
https://notcve.org/view.php?id=CVE-2020-35593
05 Sep 2023 — BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. BMC PATROL Agent hasta 20.08.00 permite la escalada de privilegios locales a través de vectores que involucran pconfig +RESTART -host. • http://web.archive.org/web/20210106175128/https://community.bmc.com/s/article/SECURITY-Patrol-Agent-Local-Privilege-Escalation-in-BMC-PATROL-Agent-CVE-2020-35593 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39122
https://notcve.org/view.php?id=CVE-2023-39122
31 Jul 2023 — BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). • https://github.com/DojoSecurity/BMC-Control-M-Unauthenticated-SQL-Injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34258
https://notcve.org/view.php?id=CVE-2023-34258
31 May 2023 — An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. • https://gist.github.com/gquere/045638b9959f4b3e119ea01d8d6ff856 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34257
https://notcve.org/view.php?id=CVE-2023-34257
31 May 2023 — An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication." • https://www.errno.fr/PatrolAdvisory.html#remote-code-excution-using-patrols-pconfig •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26550
https://notcve.org/view.php?id=CVE-2023-26550
25 Feb 2023 — A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. • https://www.synacktiv.com/sites/default/files/2023-02/Synacktiv-ControlM-Multiple-Vulnerabilities.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •