Known Vulnerabilities for products from Bmc
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bmc".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-71260 json | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the A... | Not Provided | 2026-03-19 | 2026-04-22 |
| CVE-2025-71259 json | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the e... | Not Provided | 2026-03-19 | 2026-04-22 |
| CVE-2025-71258 json | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the s... | Not Provided | 2026-03-19 | 2026-04-22 |
| CVE-2025-71257 json | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enf... | Not Provided | 2026-03-19 | 2026-04-22 |
| CVE-2023-39122 json | BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fix... | 9.8 - CRITICAL | 2023-07-31 | 2023-08-04 |
| CVE-2023-34258 json | An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration c... | 7.5 - HIGH | 2023-05-31 | 2023-06-08 |
| CVE-2023-34257 json | ** DISPUTED ** An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and... | 9.8 - CRITICAL | 2023-05-31 | 2023-11-07 |
| CVE-2023-26550 json | A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the m... | 9.8 - CRITICAL | 2023-02-25 | 2023-03-07 |
| CVE-2022-35865 json | This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. ... | 9.8 - CRITICAL | 2022-08-03 | 2022-08-09 |
| CVE-2022-35864 json | This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21... | 6.5 - MEDIUM | 2022-08-03 | 2022-08-09 |
| CVE-2022-26088 json | An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to injec... | 5.4 - MEDIUM | 2022-11-10 | 2022-11-15 |
| CVE-2022-24047 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-18 | 2022-03-01 |
| CVE-2020-35593 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2023-09-05 | 2023-09-09 |
| CVE-2019-1010147 json | Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The imp... | 5.4 - MEDIUM | 2019-07-26 | 2019-08-05 |
| CVE-2019-17044 json | An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an... | 7.8 - HIGH | 2019-10-14 | 2019-10-18 |
| CVE-2019-17043 json | An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could all... | 7.8 - HIGH | 2019-10-14 | 2019-10-18 |
| CVE-2019-16755 json | BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote att... | 9.8 - CRITICAL | 2019-09-26 | 2019-10-02 |
| CVE-2019-11216 json | BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML fil... | 6.5 - MEDIUM | 2019-12-04 | 2019-12-13 |
| CVE-2019-8352 json | By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent ove... | 9.8 - CRITICAL | 2019-05-20 | 2022-03-30 |
| CVE-2018-20735 json | ** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can a... | 7.8 - HIGH | 2019-01-17 | 2023-11-07 |
Known software with vulnerabilities from Bmc
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Bmc | Atrium Integration Engine | 7.1.0 |
| Application | Bmc | Batch Impact Manager | 6.4.1 |
| Application | Bmc | Bladelogic Server Automation Console | 8.0.0.0 |
| Application | Bmc | Bladelogic Server Automation Operations Manager | 7.4.6.790 |
| Application | Bmc | Bladelogic Server Automation Rscd Agent | 7.4.6.790 |
| Application | Bmc | Control-m/agent | 6.3.1 |
| Application | Bmc | Control-m/enterprise Manager | 6.4.1 |
| Application | Bmc | Control-m/forecast | 6.4.1 |
| Application | Bmc | Control-m/server | 6.4.1 |
| Application | Bmc | Footprints Service Core | 11.5 |
| Application | Bmc | Guardian Angel | - |
| Application | Bmc | Myit Digital Workplace | - |
| Application | Bmc | Patrol | - |
| Application | Bmc | Patrol Agent | - |
| Application | Bmc | Patrol Perform Agent | - |
| Application | Bmc | Performance Manager | - |
| Application | Bmc | Remedy Action Request System | - |
| Application | Bmc | Remedy Action Request System Administrator | 6.3 |
| Application | Bmc | Remedy Action Request System Alert | 7.1 |
| Application | Bmc | Remedy Action Request System Email Engine | 6.3 |