27 matches found
BMC FootPrints 'searchWeb' - Server-Side Request Forgery
BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling acces...
BMC FootPrints 'feedUrl' - Server-Side Request Forgery
BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...
BMC FootPrints - Authentication Bypass
BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SECTOKEN session cookie without proper...
CVE-2025-71257
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...
CVE-2025-71260
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...
EUVD-2025-208875
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
EUVD-2025-208877
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...
EUVD-2025-208871
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
CVE-2025-71260
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...
CVE-2025-71257
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...
CVE-2025-71260
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
CVE-2025-71258
BMC FootPrints ITSM versions 20.20.02–20.24.01.001 contain a Server-Side Request Forgery (SSRF) in the /footprints/servicedesk/import/searchWeb endpoint. The url parameter enables unauthenticated attackers to force the server to access arbitrary URLs, potentially reaching internal services and im...
CVE-2025-71258
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...
CVE-2025-71257
BMC FootPrints ITSM versions 20.20.02–20.24.01.001 are affected by an authentication bypass in restricted REST API endpoints and servlets. The Nuclei template details an authentication bypass in the password reset flow: an unauthenticated actor can obtain a valid SEC_TOKEN via /footprints/service...
BMC FootPrints 代码问题漏洞
BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the externalfeed/RSS API component, where blind server-side...
BMC FootPrints 访问控制错误漏洞
BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained a security vulnerability related to access control. This vulnerability stemmed from improper execution of security filters for...
BMC FootPrints 代码问题漏洞
BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from the VIEWSTATE processing in ASP.NET servlets, which allowed untrusted dat...
PT-2026-26060
Name of the Vulnerable Software and Affected Versions BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 Description BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 are affected by an authentication bypass. This is due to improper enforcement of security filters on restricted...