Bmc · Bmc Service Desk Express · CVE-2013-4945
**Name of the Vulnerable Software and Affected Versions**
BMC Service Desk Express (SDE) version 10.2.1.95
**Description**
The issue is a SQL injection that allows remote attackers to execute arbitrary SQL commands. It can be triggered via several cookie parameters sent to the "DashBoardGUI.aspx" endpoint, including `ASPSESSIONIDASSRATTQ`, `TABLE WIDGET 1`, `TABLE WIDGET 2`, `browserDateTimeInfo`, and `browserNumberInfo`, and via the `UID` parameter sent to the "login.aspx" endpoint.
**Recommendations**
For BMC Service Desk Express (SDE) version 10.2.1.95, consider restricting access to the "DashBoardGUI.aspx" and "login.aspx" endpoints until a vendor patch is available. As a temporary workaround, avoid using the vulnerable parameters `ASPSESSIONIDASSRATTQ`, `TABLE WIDGET 1`, `TABLE WIDGET 2`, `browserDateTimeInfo`, and `browserNumberInfo` on "DashBoardGUI.aspx", and `UID` on "login.aspx".
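As an added example (not part of this advisory or of BMC's product), the check below inspects a raw HTTP request and flags SQL metacharacters in exactly the cookie and form/query parameters named above, so a reverse proxy or log pipeline can alert on attempts against the two endpoints while the workaround is in place. The `/SDE/` path prefix, the sample requests and the metacharacter heuristic are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Parameter names taken from the advisory; the endpoint paths are only matched by file name.
DASHBOARD_COOKIES = {"ASPSESSIONIDASSRATTQ", "TABLE WIDGET 1", "TABLE WIDGET 2",
                     "browserDateTimeInfo", "browserNumberInfo"}
LOGIN_PARAMS = {"UID"}

# Heuristic (assumption): quotes, comment openers, statement separators and bare SQL verbs.
SQLI_PATTERN = re.compile(
    r"""(['"]|--|/\*|;|\b(union|select|insert|update|delete|drop|exec)\b)""", re.IGNORECASE)


def parse_cookie_header(value):
    """Split a Cookie header into a name -> decoded value dict (names may contain spaces)."""
    cookies = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.strip().partition("=")
            cookies[name.strip()] = unquote(val.strip())
    return cookies


def inspect_request(raw):
    """Return (endpoint, parameter, value) tuples whose value looks like SQL injection."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            key, _, val = line.partition(":")
            headers[key.strip().lower()] = val.strip()
    url = urlsplit(target)
    path = url.path.lower()
    findings = []
    if path.endswith("/dashboardgui.aspx"):
        for name, val in parse_cookie_header(headers.get("cookie", "")).items():
            if name in DASHBOARD_COOKIES and SQLI_PATTERN.search(val):
                findings.append(("DashBoardGUI.aspx", name, val))
    if path.endswith("/login.aspx"):
        params = parse_qs(url.query)  # UID may arrive in the query string or the form body
        if method.upper() == "POST" and headers.get("content-type", "").startswith(
                "application/x-www-form-urlencoded"):
            for key, vals in parse_qs(body).items():
                params.setdefault(key, []).extend(vals)
        for name in LOGIN_PARAMS:
            for val in params.get(name, []):
                if SQLI_PATTERN.search(val):
                    findings.append(("login.aspx", name, val))
    return findings


# Constructed sample requests (not captured traffic).
BENIGN_REQUEST = ("GET /SDE/DashBoardGUI.aspx HTTP/1.1\r\nHost: sde.example.internal\r\n"
                  "Cookie: ASPSESSIONIDASSRATTQ=ABC123; TABLE WIDGET 1=5; browserNumberInfo=1.5\r\n\r\n")
DASHBOARD_REQUEST = ("GET /SDE/DashBoardGUI.aspx HTTP/1.1\r\nHost: sde.example.internal\r\n"
                     "Cookie: ASPSESSIONIDASSRATTQ=ABC123; TABLE WIDGET 1=5'--; browserNumberInfo=1.5\r\n\r\n")
LOGIN_REQUEST = ("POST /SDE/login.aspx HTTP/1.1\r\nHost: sde.example.internal\r\n"
                 "Content-Type: application/x-www-form-urlencoded\r\n\r\nUID=admin%27--&PWD=x")
```

Cookie names with spaces (such as `TABLE WIDGET 1`) are matched verbatim, so the check does not depend on a particular cookie library's parsing rules.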