CRITICAL🇵🇱 Wersja polska

CVE-2019-8352

CVSS 9.8v3.1pub. 2019-05-20upd. 2024-11-21

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bmc Patrol Agent

    APP
    Bmc
    ≤ 11.3.01
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2023-34257CRITICAL9.8ten sam produkt

An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and...

CVE-2020-35593HIGH7.8ten sam produkt

BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -ho...

CVE-2019-17044HIGH7.8ten sam produkt

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary...

CVE-2019-17043HIGH7.8ten sam produkt

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID b...

CVE-2018-20735HIGH7.8ten sam produkt

An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can a...