cpe:2.3:a:bmc:footprints_itsm:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Bmc (41db0501-28a3-55f2-9e02-2ebb9bfb3ab9)
Product: Footprints Itsm (521cc469-c6d7-5525-b160-f4426ab8cfb3)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-71260 | vulnerable | 2026-06-03 15:12:30.282910 | BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE
HIGH (8.8)
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE parameter to achieve remote code execution and fully compromise the application. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.
Published: 2026-03-19T13:45:05.620Z
Updated: 2026-05-14T02:09:01.615Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-71259 | vulnerable | 2026-06-03 15:12:30.282559 | BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in externalfeed/RSS
MEDIUM (4.3)
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of externally supplied resource references to interact with internal services or cause resource exhaustion impacting availability. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.
Published: 2026-03-19T13:44:38.514Z
Updated: 2026-05-14T02:09:00.657Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-71258 | vulnerable | 2026-06-03 15:12:30.282086 | BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in searchWeb
MEDIUM (4.3)
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to perform internal network scanning or interact with internal services, impacting system availability. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.
Published: 2026-03-19T13:44:09.717Z
Updated: 2026-05-25T23:41:33.738Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-71257 | vulnerable | 2026-06-03 15:12:30.281390 | BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Authentication Bypass
HIGH (7.3)
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality and gain unauthorized access to application data and modify system resources. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.
Published: 2026-03-19T13:43:37.695Z
Updated: 2026-05-14T02:08:58.859Z
Imported from gcve-enriched-dumps CVE data