Bmc: >> Remedy Action Request System Server Security Vulnerabilities
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-01-03