CVE-2015-9257
https://notcve.org/view.php?id=CVE-2015-9257
24 Mar 2018 — BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. BMC Remedy Action Request (AR) System en versiones 9.0 anteriores a la 9.0.00 Service Pack 2 hot fix 1 contiene Cross-Site Scripting (XSS) persistente. • https://docs.bmc.com/docs/display/public/ars9000/Cross+site+scripting+%28XSS%29+in+Remedy+9.0%2C+9.0+Service+Pack+1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-18228
https://notcve.org/view.php?id=CVE-2017-18228
12 Mar 2018 — Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. Remedy Mid Tier en BMC Remedy AR System 9.1 permite Cross-Site Scripting (XSS) mediante el parámetro ATTKey en una petición arsys/servlet/AttachServlet. • https://communities.bmc.com/thread/164169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-18223
https://notcve.org/view.php?id=CVE-2017-18223
10 Mar 2018 — BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. BMC Remedy AR System, en versiones anteriores a la 9.1 SP3, cuando Remedy AR Authentication está habilitado, permite que los atacantes obtengan acceso administrativo. • https://communities.bmc.com/thread/165887 • CWE-287: Improper Authentication •
CVE-2016-2349
https://notcve.org/view.php?id=CVE-2016-2349
21 Dec 2016 — Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. Remedy AR System Server en BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1 y 9.1 permite a atacantes reiniciar contraseñas arbitrarias a través de una contraseña en blanco previa. • http://www.securityfocus.com/bid/95075 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •