Description
BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both the DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote command execution on the operating system running the targeted application. Affected DWP versions: 3.x to 18.x; all versions, service packs, and patches are affected by this vulnerability. Affected SmartIT versions: 1.x, 2.0, 18.05, 18.08, and 19.02; all versions, service packs, and patches are affected by this vulnerability.
Vulnerable configurations
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Defects
Related vulnerabilities
A vulnerability was discovered in BMC MyIT Digital Workplace DWP before 18.11. The DWP component sso.session.restore.cookies stores data using the Java serialization method. The vulnerability can be triggered by using an invalid cookie that contains an embedded system command within a DWP API call, as demonstrated by the /dwp/rest/v2/administrator URI.
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2