BMC FootPrints ITSM Blind Server-Side Request Forgery Vulnerability
Vulnerability
A blind server-side request forgery (SSRF) vulnerability has been identified in BMC FootPrints ITSM versions 20.20.02 prior to 20.24.01.001. This vulnerability resides in the searchWeb API component, where improper URL validation allows authenticated attackers to manipulate the server into making arbitrary outbound requests. Exploitation of this vulnerability could lead to internal network scanning, interaction with internal services, and potential disruption of system availability.
Impact
Exploitation of this vulnerability allows authenticated attackers to cause the server to initiate arbitrary outbound requests, which could be used for internal network scanning or to interact with internal services, potentially disrupting system availability.
Reproduction
To reproduce this vulnerability, an authenticated user can send a request to the searchWeb API component with a crafted URL that points to an external host. The server will then make a request to that URL, effectively allowing the attacker to perform blind SSRF (blind, meaning the response to the server's outbound request is not returned to the attacker). This can be done by exploiting the 'import' functionality of the searchWeb API, or by using the externalfeed API with an RSS feed URL that points to an external host.
Remediation
Users can upgrade to BMC FootPrints ITSM versions 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, or 20.24.01 to address this vulnerability.
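The root cause named above is improper validation of a user-supplied URL that the server then fetches. As an added illustration, not BMC's code and not part of this advisory, the following Python shows the kind of outbound-URL check an application should apply before fetching a user-supplied feed or import URL: a scheme allowlist, resolution of every address the host maps to, and rejection of any non-public range. The function names, the injectable resolver and the sample URLs are assumptions constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    """Every address (A and AAAA) the host maps to, via the system resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(text):
    """True only for addresses routable on the public Internet."""
    ip = ipaddress.ip_address(text)
    # ::ffff:10.0.0.1 is really 10.0.0.1; judge the embedded IPv4 address
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified
                or not ip.is_global)


def check_outbound_url(url, resolve=resolve_all):
    """Decide whether a user-supplied URL may be fetched server-side.
    Returns (allowed, reason, addresses); connect only to a returned address."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}", []
    if parsed.username is not None or parsed.password is not None:
        return False, "credentials embedded in URL", []
    host = parsed.hostname
    if not host:
        return False, "missing host", []
    try:
        # Literal IP (bracketed IPv6 included): no lookup needed
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Hostnames, and odd spellings such as decimal "2130706433", go through
        # the resolver so the check sees what the socket layer would connect to
        try:
            addresses = resolve(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}", []
    if not addresses:
        return False, "host resolved to no addresses", []
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"{host} maps to non-public address {addr}", []
    return True, "ok", addresses
```

The fetch must use one of the addresses the check returned rather than resolving the hostname again, otherwise a DNS rebinding race can substitute an internal address after validation. Any redirect target the fetch follows needs the same check.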
