CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-18862 – BMC Remedy / ITAM 7.1.00 / 9.1.02.003 Information Disclosure
https://notcve.org/view.php?id=CVE-2018-18862
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. BMC Remedy Mid-Tier 7.1.00 y 9.1.02.003 para BMC Remedy AR System tiene un control de acceso incorrecto en los formularios ITAM, tal y como queda demostrado por TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/ y AR+System+Administration%3A+Server+Information/Default+Admin+View/. BMC Remedy and ITAM versions 7.1.00 and 9.1.02.003 suffer from multiple information disclosure vulnerabilities. • http://packetstormsecurity.com/files/151021/BMC-Remedy-ITAM-7.1.00-9.1.02.003-Information-Disclosure.html http://seclists.org/fulldisclosure/2019/Jan/11 https://docs.bmc.com/docs/ars91/en/release-notes-and-notices-609073037.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18223
https://notcve.org/view.php?id=CVE-2017-18223
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. BMC Remedy AR System, en versiones anteriores a la 9.1 SP3, cuando Remedy AR Authentication está habilitado, permite que los atacantes obtengan acceso administrativo. • https://communities.bmc.com/thread/165887 • CWE-287: Improper Authentication •