1 results (0.002 seconds)
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19505 – BMC Remedy 7.1 User Impersonation
https://notcve.org/view.php?id=CVE-2018-19505
28 Nov 2018 — Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. En la versión 7.1 de BMC Remedy, Remedy AR System Server podría no lograr establecer el contexto de usuario correcto en determinados escenarios de suplantación, lo que podría permitir a un usuario actuar... • http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html • CWE-287: Improper Authentication •