4 matches found

RedhatCVE
added 2026/03/26 3:13 p.m. | 5 views

CVE-2025-71258

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...

CVSS 5.3 | AI score 6.1 | EPSS 0.1743
Exploits: 1 | References: 1
Cvelist
added 2026/03/19 1:45 p.m. | 366 views

CVE-2025-71260 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | EPSS 0.3436
Exploits: 1 | References: 3
CVE
added 2026/03/19 1:45 p.m. | 15 views

CVE-2025-71260

CVE-2025-71260 affects BMC FootPrints ITSM 20.20.02–20.24.01.001. It describes a deserialization of untrusted data vulnerability in the ASP.NET VIEWSTATE handling that enables authenticated attackers to execute arbitrary code and fully compromise the application. The root cause is crafted seriali...

CVSS 8.8 | AI score 6.7 | EPSS 0.3436
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/03/19 1:44 p.m. | 12 views

CVE-2025-71258

BMC FootPrints ITSM versions 20.20.02–20.24.01.001 contain a Server-Side Request Forgery (SSRF) in the /footprints/servicedesk/import/searchWeb endpoint. The url parameter enables unauthenticated attackers to force the server to access arbitrary URLs, potentially reaching internal services and im...

CVSS 7.1 | AI score 5.9 | EPSS 0.1743
Exploits: 1 | References: 3 | Affected Software: 1