CVE-2025-71260
- EPSS 34.36%
- Veröffentlicht 19.03.2026 13:45:05
- Zuletzt bearbeitet 22.04.2026 17:29:42
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply craft...
CVE-2025-71259
- EPSS 12.92%
- Veröffentlicht 19.03.2026 13:44:38
- Zuletzt bearbeitet 22.04.2026 17:36:55
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Att...
CVE-2025-71258
- EPSS 17.43%
- Veröffentlicht 19.03.2026 13:44:09
- Zuletzt bearbeitet 22.04.2026 17:25:06
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attac...
CVE-2025-71257
- EPSS 4.4%
- Veröffentlicht 19.03.2026 13:43:37
- Zuletzt bearbeitet 22.04.2026 17:22:56
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass acces...