PT-2026-26061 · BMC · BMC FootPrints ITSM
Sonny · Published 2026-03-18 · Updated 2026-03-24
CVE-2025-71258
CVSS v3.1: 4.3 Medium | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
Description
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery issue in the searchWeb API component. Authenticated attackers can exploit improper URL validation to cause the server to initiate arbitrary outbound requests. This can allow attackers to perform internal network scanning or interact with internal services, potentially impacting system availability.
Recommendations
Apply hotfix 20.20.02.
Apply hotfix 20.20.03.002.
Apply hotfix 20.21.01.001.
Apply hotfix 20.21.02.002.
Apply hotfix 20.22.01.
Apply hotfix 20.22.01.001.
Apply hotfix 20.23.01.
Apply hotfix 20.23.01.002.
Apply hotfix 20.24.01.
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
BMC FootPrints ITSM