Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34257 | 1 Bmc | 1 Patrol | 2025-01-10 | N/A | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication." | |||||
| CVE-2023-34258 | 1 Bmc | 1 Patrol | 2025-01-08 | N/A | 7.5 HIGH |
| An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. | |||||
| CVE-2017-13130 | 1 Bmc | 1 Patrol | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. | |||||
| CVE-2016-9638 | 1 Bmc | 1 Patrol | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root. | |||||