CVE-2022-26088

An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field. NOTE: the vendor's position is that "no real impact is demonstrated."
Configurations

Configuration 1

cpe:2.3:a:bmc:remedy_it_service_management_suite:20.02:*:*:*:*:*:*:*

Information

Published : 2022-11-10 09:15

Updated : 2022-11-15 08:46


NVD link : CVE-2022-26088

Mitre link : CVE-2022-26088

Products Affected
No products.
CWE