Filtered by vendor Bmc
                         Subscriptions
                    
                    
                
                    Total
                    75 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v3.1 | 
|---|---|---|---|---|
| CVE-2024-34399 | 1 Bmc | 1 Remedy Mid-tier | 2025-10-14 | 9.8 Critical | 
| **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version for this vulnerability is 7.6.04 only. | ||||
| CVE-2024-34398 | 1 Bmc | 1 Remedy Mid-tier | 2025-10-14 | 4.2 Medium | 
| An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers. | ||||
| CVE-2025-55109 | 1 Bmc | 2 Control-m/agent, Control-m\/agent | 2025-10-10 | 9 Critical | 
| An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent. The Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired. In addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication. | ||||
| CVE-2025-55117 | 1 Bmc | 2 Control-m/agent, Control-m\/agent | 2025-10-10 | 5.3 Medium | 
| A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n". | ||||
| CVE-2025-55116 | 1 Bmc | 2 Control-m/agent, Control-m\/agent | 2025-10-10 | 8.8 High | 
| A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. | ||||
| CVE-2025-55115 | 1 Bmc | 2 Control-m/agent, Control-m\/agent | 2025-10-10 | 8.8 High | 
| A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above. | ||||
| CVE-2025-55113 | 1 Bmc | 2 Control-m/agent, Control-m\/agent | 2025-10-10 | 9 Critical | 
| If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate. | ||||
| CVE-2025-55112 | 1 Bmc | 2 Control-m/agent, Control-m\/agent | 2025-10-10 | 7.4 High | 
| Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server. | ||||
| CVE-2025-55111 | 2 Bmc, Linux | 3 Control-m/agent, Control-m\/agent, Linux Kernel | 2025-09-29 | 5.5 Medium | 
| Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files. | ||||
| CVE-2025-55118 | 1 Bmc | 1 Control-m/agent | 2025-09-17 | 8.9 High | 
| Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n". | ||||
| CVE-2025-55114 | 1 Bmc | 1 Control-m/agent | 2025-09-17 | 5.3 Medium | 
| The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion. | ||||
| CVE-2025-55110 | 1 Bmc | 1 Control-m/agent | 2025-09-17 | 5.5 Medium | 
| Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password. | ||||
| CVE-2025-48709 | 1 Bmc | 1 Control-m | 2025-09-16 | 7.8 High | 
| An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations. | ||||
| CVE-2024-1605 | 1 Bmc | 1 Control-m | 2025-07-12 | 6.6 Medium | 
| BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. | ||||
| CVE-2024-1606 | 1 Bmc | 1 Control-m | 2025-07-12 | 4.6 Medium | 
| Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200. | ||||
| CVE-2022-26088 | 1 Bmc | 1 Remedy It Service Management Suite | 2025-05-01 | 5.4 Medium | 
| An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field. NOTE: the vendor's position is that "no real impact is demonstrated." | ||||
| CVE-2014-9514 | 1 Bmc | 1 Footprints Service Core | 2025-04-20 | N/A | 
| Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | ||||
| CVE-2016-5063 | 1 Bmc | 1 Server Automation | 2025-04-20 | N/A | 
| The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | ||||
| CVE-2017-13130 | 1 Bmc | 1 Patrol | 2025-04-20 | N/A | 
| mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. | ||||
| CVE-2014-8270 | 1 Bmc | 1 Track-it\! | 2025-04-12 | N/A | 
| BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. | ||||