4 matches found
CVE-2025-71258
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...
CVE-2025-71260 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...
CVE-2025-71260
CVE-2025-71260 affects BMC FootPrints ITSM 20.20.02–20.24.01.001. It describes a deserialization of untrusted data vulnerability in the ASP.NET VIEWSTATE handling that enables authenticated attackers to execute arbitrary code and fully compromise the application. The root cause is crafted seriali...
CVE-2025-71258
BMC FootPrints ITSM versions 20.20.02–20.24.01.001 contain a Server-Side Request Forgery (SSRF) in the /footprints/servicedesk/import/searchWeb endpoint. The url parameter enables unauthenticated attackers to force the server to access arbitrary URLs, potentially reaching internal services and im...