BMC FootPrints ITSM Blind Server-Side Request Forgery Vulnerability
Vulnerability
A blind server-side request forgery (SSRF) vulnerability has been identified in BMC FootPrints ITSM, affecting versions from 20.20.02 up to, but not including, 20.24.01.001. The flaw resides in the externalfeed/RSS API component, which does not adequately validate externally supplied resource references. An authenticated attacker can therefore cause the server to issue arbitrary outbound requests, potentially reaching internal services or exhausting resources in a way that impacts availability.
Impact
Exploitation of this vulnerability could lead to unauthorized interactions with internal services or resource exhaustion, causing availability issues.
Reproduction
To reproduce this vulnerability, an authenticated user sends a GET request to the '/footprints/servicedesk/externalfeed/RSS' endpoint with a 'feedUrl' parameter set to a URL of an external resource. The server processes the request and fetches the specified URL on the caller's behalf, demonstrating the SSRF vulnerability.
Remediation
Users can upgrade to BMC FootPrints ITSM versions 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, or 20.24.01 to address this vulnerability.
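As an added illustration of the missing input validation described above (this is not BMC's code and does not describe the vendor's fix), the following Python routine shows the checks a feed fetcher should apply to a user-supplied feed URL before issuing any outbound request. Every name, host and address in it is an assumption or constructed sample.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical hardening for a feed fetcher that accepts a user-supplied URL
# (names are assumptions): decide whether the server may fetch it at all.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

def resolve_all(host):
    """Resolve a hostname to every address it maps to (A and AAAA records)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public(addr):
    """Globally routable unicast only; IPv4-mapped IPv6 literals are unwrapped
    so that ::ffff:127.0.0.1 is judged as 127.0.0.1."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def check_feed_url(url, resolver=resolve_all):
    """Return (ok, reason, pinned_ip). On success the caller must connect to
    pinned_ip (still sending the original Host header) rather than resolving
    the name again, so DNS rebinding cannot swap in an internal address."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    try:
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    except ValueError:
        return False, "invalid port", None
    if port not in ALLOWED_PORTS:
        return False, "port not allowed", None
    try:  # IP literals need no lookup; names resolve to all their addresses
        addrs = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            return False, "dns resolution failed", None
    # Every address must be public: a name that also maps to an internal
    # address is rejected rather than trusting whichever one a client picks.
    for addr in sorted(addrs):
        if not is_public(addr):
            return False, "resolves to non-public address " + addr, None
    return True, "ok", sorted(addrs)[0]
```

Resolving and pinning the address here is what turns a string check into a real control; a scheme-and-hostname blocklist alone is bypassed by names that resolve to internal addresses.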
