CVE-2018-19505
First published: Thu Jan 03 2019(Updated: )
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bmc Remedy Action Request System Server | =7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-19505.
What is the severity of CVE-2018-19505?
The severity of CVE-2018-19505 is medium with a severity value of 6.5.
What is the affected software for CVE-2018-19505?
The affected software for CVE-2018-19505 is BMC Remedy Action Request System Server version 7.1.
How can this vulnerability be exploited?
This vulnerability can be exploited by a user to act with the identity of a different user in certain impersonation scenarios.
Are there any references for CVE-2018-19505?
Yes, there are references available for CVE-2018-19505. You can find them at the following links: [link1](http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html), [link2](http://seclists.org/fulldisclosure/2018/Nov/62), [link3](http://www.securitytracker.com/id/1042177).
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/bmc
- canonical/bmc remedy action request system server
- version/bmc remedy action request system server/7.1