Product
bmc patrol agent
65 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-71260
>= 20.20.02 and <= 20.24.01.001
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NE
8.8
HIGH
CVE-2025-71259
>= 20.20.02 and <= 20.24.01.001
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the extern
4.3
MEDIUM
CVE-2025-71258
>= 20.20.02 and <= 20.24.01.001
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the search
4.3
MEDIUM
CVE-2025-71257
>= 20.20.02 and <= 20.24.01.001
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcem
7.3
HIGH
CVE-2025-55117
<= 9.0.22
A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS commu
5.3
MEDIUM
CVE-2025-55116
< 9.0.20.100
A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system runnin
8.8
HIGH
CVE-2025-55115
< 9.0.20.100
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running
8.8
HIGH
CVE-2025-55113
<= 9.0.22
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agen
9.0
CRITICAL
CVE-2025-55112
<= 9.0.20.200
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use
7.4
HIGH
CVE-2025-55111
< 9.0.21
Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 a
5.5
MEDIUM
CVE-2025-55109
<= 9.0.22
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earl
9.0
CRITICAL
CVE-2024-34398
all versions
An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote at
4.2
MEDIUM
CVE-2024-34399
all versions
UNSUPPORTED WHEN ASSIGNED
An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to
9.8
CRITICAL
CVE-2021-35002
all versions
BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
8.8
HIGH
CVE-2021-35001
all versions
BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to di
6.5
MEDIUM
CVE-2024-1606
>= 9.0.20 and < 9.0.20.238
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web
4.6
MEDIUM
CVE-2024-1605
>= 9.0.20 and < 9.0.20.238
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Writ
6.6
MEDIUM
CVE-2024-1604
>= 9.0.20 and < 9.0.20.238
Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in
6.4
MEDIUM
CVE-2020-35593
<= 20.08.00
BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host.
7.8
HIGH
CVE-2023-39122
< 9.0.21
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in
9.8
CRITICAL
CVE-2023-34257
<= 23.1.00
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authen
9.8
CRITICAL
CVE-2023-25508
< 3.39.30
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can u
6.7
MEDIUM
CVE-2023-25507
< 3.39.30
NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can i
7.2
HIGH
CVE-2023-25505
< 3.39.30
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate leve
7.8
HIGH
CVE-2023-0201
< 1.08.00
NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an in
6.7
MEDIUM
CVE-2023-0200
< 1.08.00
NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access bey
7.5
HIGH
CVE-2023-26550
< 9.0.20.214
A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memnam
9.8
CRITICAL
CVE-2022-42287
< 00.19.07
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under ce
6.0
MEDIUM
CVE-2022-42284
< 00.19.07
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposu
6.2
MEDIUM
CVE-2022-42283
< 00.19.07
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial o
6.4
MEDIUM
CVE-2022-42282
< 00.19.07
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to in
6.5
MEDIUM
CVE-2022-42280
< 00.19.07
NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which
7.1
HIGH
CVE-2022-42278
< 00.19.07
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within
7.2
HIGH
CVE-2022-42275
< 00.19.07
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lea
7.7
HIGH
CVE-2022-42274
< 00.19.07
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial o
7.8
HIGH
CVE-2022-35865
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authe
9.8
CRITICAL
CVE-2022-35864
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.1
6.5
MEDIUM
CVE-2022-24047
all versions
This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authe
9.8
CRITICAL
CVE-2017-17678
all versions
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovere
6.1
MEDIUM
CVE-2017-17677
all versions
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use B
8.8
HIGH
CVE-2017-17675
all versions
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an
5.3
MEDIUM
CVE-2017-17674
all versions
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted
9.8
CRITICAL
CVE-2019-17044
all versions
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an atta
7.8
HIGH
CVE-2019-17043
all versions
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an
7.8
HIGH
CVE-2019-8352
<= 11.3.01
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the
9.8
CRITICAL
CVE-2018-18862
all versions
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by
8.8
HIGH
CVE-2018-20735
<= 11.3.01
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral mov
7.8
HIGH
CVE-2015-9257
all versions
BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.
6.1
MEDIUM
CVE-2017-18228
<= 9.1
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.
5.4
MEDIUM
CVE-2017-18223
< 9.1.03
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
8.1
HIGH
CVE-2016-6599
<= 11.4
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9
9.8
CRITICAL
CVE-2016-6598
<= 11.4
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010
9.8
CRITICAL
CVE-2016-2349
all versions
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank p
7.5
HIGH
CVE-2014-8270
all versions
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches
CVE-2014-4874
all versions
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
CVE-2014-4873
all versions
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute ar
CVE-2014-4872
all versions
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files
CVE-2014-2591
all versions
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, rela
CVE-2008-5982
<= 3.7
Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string
CVE-2007-0310
all versions
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid user
CVE-1999-1460
<= 3.2.7
BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target
CVE-1999-0801
all versions
BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.
CVE-1999-0921
all versions
BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.
CVE-1999-0443
all versions
Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.
CVE-1999-1459
all versions
BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file.
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin