PT-2026-26060 · Bmc · Bmc Footprints Itsm
Sonny
·
Publicado
2026-03-18
·
Atualizado
2026-03-24
·
CVE-2025-71257
CVSS v3.1
9.1
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
Description
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 are affected by an authentication bypass. This is due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality and gain unauthorized access to application data and modify system resources. The vulnerability affects access to restricted functionality through API endpoints.
Recommendations
Apply hotfix 20.20.02.
Apply hotfix 20.20.03.002.
Apply hotfix 20.21.01.001.
Apply hotfix 20.21.02.002.
Apply hotfix 20.22.01.
Apply hotfix 20.22.01.001.
Apply hotfix 20.23.01.
Apply hotfix 20.23.01.002.
Apply hotfix 20.24.01.
Exploit
Correção
Missing Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bmc Footprints Itsm