BMC Software Inc FootPrints vulnerabilities
4 known vulnerabilities affecting bmc_software_inc/footprints.
Total CVEs: 4
CISA KEV: 0
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 3
Vulnerabilities
CVE-2025-71257 [CRITICAL] CWE-306 | P1 | CVSS 9.1 | Exploited | PoC | ≥ 20.20.02, ≤ 20.24.01.001 | 2026-03-19
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality and gain unauthorized access to application data and
nvd
CVE-2025-71260 [HIGH] CWE-502 | P1 | CVSS 8.8 | PoC | ≥ 20.20.02, ≤ 20.24.01.001 | 2026-03-19
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE parameter to achieve remote code execution and fully compromise
nvd
CVE-2025-71258 [HIGH] CWE-918 | P2 | CVSS 7.1 | PoC | ≥ 20.20.02, ≤ 20.24.01.001 | 2026-03-19
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to perform internal network scanning or interact with internal
nvd
CVE-2025-71259 [HIGH] CWE-918 | P2 | CVSS 7.1 | PoC | ≥ 20.20.02, ≤ 20.24.01.001 | 2026-03-19
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of externally supplied resource references to interact with
nvd