Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2018/Nov/62 | Mailing List Third Party Advisory |
http://www.securitytracker.com/id/1042177 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-01-03T19:00:00
Updated: 2019-01-03T18:57:01
Reserved: 2018-11-23T00:00:00
Link: CVE-2018-19505
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-01-03T19:29:00.663
Modified: 2019-02-15T15:03:50.167
Link: CVE-2018-19505
JSON object: View
Redhat Information
No data.
CWE