PT-2026-26062 · Bmc · Bmc Footprints Itsm
Sonny
·
Published
2026-03-18
·
Updated
2026-03-24
·
CVE-2025-71259
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
Description
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the
externalfeed/RSS API component. This allows authenticated attackers to trigger arbitrary outbound requests from the server. Insufficient validation of externally supplied resource references enables attackers to interact with internal services or cause resource exhaustion, potentially impacting availability. The vulnerable component is the externalfeed/RSS API.Recommendations
Apply hotfix 20.20.02.
Apply hotfix 20.20.03.002.
Apply hotfix 20.21.01.001.
Apply hotfix 20.21.02.002.
Apply hotfix 20.22.01.
Apply hotfix 20.22.01.001.
Apply hotfix 20.23.01.
Apply hotfix 20.23.01.002.
Apply hotfix 20.24.01.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bmc Footprints Itsm