Lucene search

[email protected]NVD:CVE-2022-26088

HistoryNov 10, 2022 - 9:15 p.m.

CVE-2022-26088

2022-11-1021:15:09

CWE-79

[email protected]

web.nvd.nist.gov

html injection

bmc remedy

authenticated users

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.4%

JSON

An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the “number of recipients” field. NOTE: the vendor’s position is that “no real impact is demonstrated.”

Affected configurations

Nvd

Node

bmcremedy_it_service_management_suiteMatch20.02

VendorProductVersionCPE
bmcremedy_it_service_management_suite20.02cpe:2.3:a:bmc:remedy_it_service_management_suite:20.02:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bmc	remedy_it_service_management_suite	20.02	cpe:2.3:a:bmc:remedy_it_service_management_suite:20.02:::::::*

References

packetstormsecurity.com/files/169863/BMC-Remedy-ITSM-Suite-9.1.10-20.02-HTML-Injection.html

seclists.org/fulldisclosure/2022/Nov/10

sec-consult.com/vulnerability-lab/advisory/html-injection-in-bmc-remedy-itsm-suite/