Every CVE whose affected-product data names Bmc Remedy Mid-tier, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-34399 — CVSS 9.8 (critical): **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access…
CVE-2017-17674 — CVSS 9.8 (critical): BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the…
CVE-2018-18862 — CVSS 8.8 (high): BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by…
CVE-2017-17677 — CVSS 8.8 (high): BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT…
CVE-2017-17678 — CVSS 6.1 (medium): BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a…
CVE-2017-17675 — CVSS 5.3 (medium): BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker…
CVE-2024-34398 — CVSS 4.2 (medium): An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.