CVE-2022-26088

An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field. NOTE: the vendor's position is that "no real impact is demonstrated."
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:bmc:remedy_it_service_management_suite:20.02:*:*:*:*:*:*:*

Information

Published : 2022-11-10 13:15

Updated : 2022-11-15 12:46


NVD link : CVE-2022-26088

Mitre link : CVE-2022-26088


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

bmc

  • remedy_it_service_management_suite