3 matches found
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
EUVD-2025-208875
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02–20.24.01.001 expose a Server-Side Request Forgery (SSRF) in the /footprints/servicedesk/externalfeed/RSS endpoint via the feedUrl parameter. The flaw allows unauthenticated attackers to induce the server to make outbound requests to arbitrary URLs, potentiall...