Bmc Remedy_mid-tier
7 CVEs affecting Bmc Remedy_mid-tier. Latest disclosed: 2025-03-12. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-34399 | Critical | 9.8 | 2024-09-18 | **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account with… |
CVE-2017-17674 | Critical | 9.8 | 2021-05-19 | BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerabl… |
CVE-2017-17677 | High | 8.8 | 2021-05-19 | BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code. |
CVE-2018-18862 | High | 8.8 | 2019-03-21 | BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Detai… |
CVE-2017-17678 | Medium | 6.1 | 2021-05-19 | BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility. |
CVE-2017-17675 | Medium | 5.3 | 2021-05-19 | BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system… |
CVE-2024-34398 | Medium | 4.2 | 2025-03-12 | An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers. |