CVE-2007-0310
CVE-2007-0310 is a medium-severity vulnerability in Bmc Remedy Action Request System with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 2% (76th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Bmc Remedy Action Request System
- Published:
- Last modified:
Description
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
Frequently asked questions
- What is CVE-2007-0310?
- BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
- How severe is CVE-2007-0310?
- CVE-2007-0310 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2007-0310 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (76th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-0310?
- CVE-2007-0310 affects Bmc Remedy Action Request System. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2007-0310?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2007-0310 published?
- CVE-2007-0310 was published on 2007-01-18 and last updated on 2026-06-16.
References
- http://osvdb.org/31658
- http://secunia.com/advisories/23775
- http://securityreason.com/securityalert/2162
- http://securitytracker.com/id?1017515
- http://www.alighieri.org/advisories/advisory-remedy50102.txt
- http://www.securityfocus.com/archive/1/456949/100/0/threaded
- http://www.securityfocus.com/archive/1/457078/100/0/threaded
- http://www.securityfocus.com/bid/22066
- http://www.vupen.com/english/advisories/2007/0204
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31527
Affected products (1)
- cpe:2.3:a:bmc:remedy_action_request_system:5.01.02_patch_1267:*:*:*:*:*:*:*
More vulnerabilities in Bmc Remedy Action Request System
- CVE-2018-18862 — High (CVSS 8.8): BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as…
- CVE-2017-18223 — High (CVSS 8.1): BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain…
- CVE-2016-2349 — High (CVSS 7.5): Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords…
- CVE-2015-9257 — Medium (CVSS 6.1): BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.
- CVE-2017-18228 — Medium (CVSS 5.4): Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet…