PT-2026-26060 · Bmc · Bmc Footprints Itsm
Sonny
·
Published
2026-03-18
·
Updated
2026-03-24
·
CVE-2025-71257
CVSS v3.1
7.3
High
| AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
Description
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 are affected by an authentication bypass. This is due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality and gain unauthorized access to application data and modify system resources. The vulnerability affects access to restricted functionality through API endpoints.
Recommendations
Apply hotfix 20.20.02.
Apply hotfix 20.20.03.002.
Apply hotfix 20.21.01.001.
Apply hotfix 20.21.02.002.
Apply hotfix 20.22.01.
Apply hotfix 20.22.01.001.
Apply hotfix 20.23.01.
Apply hotfix 20.23.01.002.
Apply hotfix 20.24.01.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bmc Footprints Itsm