Lucene search
K

27 matches found

Nuclei
Nuclei
added yesterday12 views

BMC FootPrints 'searchWeb' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling acces...

8.8CVSS6.2AI score0.3436EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday16 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

8.8CVSS6.2AI score0.3436EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday9 views

BMC FootPrints - Authentication Bypass

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SECTOKEN session cookie without proper...

9.1CVSS6.1AI score0.3436EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.4 views

CVE-2025-71257

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...

7.3CVSS6.1AI score0.044EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.5 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

8.8CVSS7AI score0.3436EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/19 3:31 p.m.3 views

EUVD-2025-208875

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

5.3CVSS5.9AI score0.12916EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/19 3:31 p.m.4 views

EUVD-2025-208877

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

8.8CVSS6.7AI score0.3436EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/19 3:31 p.m.6 views

EUVD-2025-208871

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...

7.3CVSS5.9AI score0.044EPSS
Exploits1References4
NVD
NVD
added 2026/03/19 2:16 p.m.5 views

CVE-2025-71259

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

7.1CVSS0.12916EPSS
Exploits1References3
NVD
NVD
added 2026/03/19 2:16 p.m.9 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

8.8CVSS0.3436EPSS
Exploits1References3
NVD
NVD
added 2026/03/19 2:16 p.m.8 views

CVE-2025-71257

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...

9.1CVSS0.044EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:45 p.m.4 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

8.8CVSS6.7AI score0.3436EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:44 p.m.2 views

CVE-2025-71259

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

5.3CVSS5.9AI score0.12916EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/19 1:44 p.m.12 views

CVE-2025-71258

BMC FootPrints ITSM versions 20.20.02–20.24.01.001 contain a Server-Side Request Forgery (SSRF) in the /footprints/servicedesk/import/searchWeb endpoint. The url parameter enables unauthenticated attackers to force the server to access arbitrary URLs, potentially reaching internal services and im...

7.1CVSS5.9AI score0.1743EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:44 p.m.1 views

CVE-2025-71258

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...

5.3CVSS5.9AI score0.1743EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/19 1:43 p.m.22 views

CVE-2025-71257

BMC FootPrints ITSM versions 20.20.02–20.24.01.001 are affected by an authentication bypass in restricted REST API endpoints and servlets. The Nuclei template details an authentication bypass in the password reset flow: an unauthenticated actor can obtain a valid SEC_TOKEN via /footprints/service...

9.1CVSS5.9AI score0.044EPSS
In wildExploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

BMC FootPrints 代码问题漏洞

BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the externalfeed/RSS API component, where blind server-side...

7.1CVSS6.1AI score0.12916EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

BMC FootPrints 访问控制错误漏洞

BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained a security vulnerability related to access control. This vulnerability stemmed from improper execution of security filters for...

9.1CVSS6.2AI score0.044EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

BMC FootPrints 代码问题漏洞

BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from the VIEWSTATE processing in ASP.NET servlets, which allowed untrusted dat...

8.8CVSS6.4AI score0.3436EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.4 views

PT-2026-26060

Name of the Vulnerable Software and Affected Versions BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 Description BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 are affected by an authentication bypass. This is due to improper enforcement of security filters on restricted...

7.3CVSS6.1AI score0.044EPSS
Exploits1References11
Rows per page
Query Builder