CVE-2025-71258
EUVD-2025-208873
Severity: MEDIUM (CVSS 3.1 base score 4.3)
Published: 2026-03-19 | Source: VulnCheck

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

Mar 20, 2026 13:39 (vuln.today): PoC Detected, public exploit code
Mar 19, 2026 14:15 (vuln.today): Analysis Generated
Mar 19, 2026 14:15 (euvd): EUVD ID Assigned, EUVD-2025-208873
Mar 19, 2026 14:15 (nvd): Patch Released, patch available
Mar 19, 2026 13:44 (nvd): CVE Published, MEDIUM 4.3

Description

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to perform internal network scanning or interact with internal services, impacting system availability. The following hotfixes remediate the vulnerability: 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01.

Analysis

A blind server-side request forgery (SSRF) vulnerability exists in the searchWeb API component of BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001. Because the API does not properly validate user-supplied URLs, an authenticated attacker can make the server initiate arbitrary outbound requests and use it to scan the internal network or interact with internal services. The description cites an availability impact, but the CVSS 3.1 vector assigned here (C:L/I:N/A:N) scores only a low confidentiality impact and no integrity or availability impact, which is consistent with a blind SSRF used for internal reconnaissance. A publicly available proof-of-concept exists, and vendor patches are available.

Technical Context

The vulnerability resides in the searchWeb API component (cpe:2.3:a:bmc_software,_inc.:footprints) of BMC FootPrints ITSM, a service management platform. The root cause is classified under CWE-918 (Server-Side Request Forgery): application code builds and sends an HTTP request to a user-supplied URL without adequate validation of the scheme, host or resolved address. Here the searchWeb API does not adequately validate the URL before the server fetches it, so an authenticated user can direct the request at hosts the server can reach but the user cannot, such as loopback services, internal management interfaces or link-local endpoints. Because the SSRF is blind, the attacker does not see the response body; success is inferred from response timing, differences in error messages, or out-of-band callbacks (for example a DNS or HTTP request arriving at an attacker-controlled host). This is a classic input validation flaw in the HTTP request handling layer. A scheme or hostname allowlist alone is not a complete fix: the hostname must also be resolved and the resolved address checked before the connection is made, otherwise a name that resolves to 127.0.0.1 or to an RFC 1918 address passes the check.
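The pattern described above, as an added example that is not BMC FootPrints code and does not reproduce the searchWeb API: a naive URL check of the kind that leaves CWE-918 open, beside a hardened validator that resolves the host once and pins the connection to the vetted address. The function names, the fake DNS table and the sample URLs are constructed for illustration.

```python
"""Added example, not BMC FootPrints code: the kind of URL check that
leaves CWE-918 open, beside a hardened validator that resolves the host
once and pins the connection to the vetted address.  All function names,
the fake DNS table and the sample URLs are constructed for illustration."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS table so the example runs offline.  A real global
# address stands in for "public" because Python's ipaddress treats the
# documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) as
# non-global, which is exactly what the check below relies on.
FAKE_DNS = {
    "public.example": "8.8.8.8",
    "intranet.corp.example": "10.0.0.5",      # private, reachable from the server
    "localhost": "127.0.0.1",
    "rebind.attacker.example": "127.0.0.1",   # attacker-controlled name -> loopback
}


def resolve_first(host):
    """Real resolver for production use: first A/AAAA answer, or None."""
    try:
        return socket.getaddrinfo(host, None)[0][4][0]
    except socket.gaierror:
        return None


# Vulnerable pattern: any syntactically valid http(s) URL is accepted, so
# http://127.0.0.1:8080/, http://10.0.0.5/ and http://169.254.169.254/
# all pass and the server will fetch them on the caller's behalf.
def vulnerable_is_valid_url(url):
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


class SsrfRejected(ValueError):
    """Raised when a URL must not be fetched server-side."""


def is_disallowed_address(ip):
    """True for any address that is not globally routable (loopback,
    RFC 1918, link-local incl. 169.254.169.254, multicast, reserved),
    after unwrapping IPv4-mapped IPv6 such as ::ffff:10.0.0.5."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not addr.is_global


def validate_outbound_url(url, resolver=FAKE_DNS.get, allowed_hosts=None):
    """Return (hostname, pinned_ip, port) for a URL the server may fetch,
    or raise SsrfRejected.  The caller must connect to pinned_ip and send
    hostname in Host/SNI, so a second lookup cannot rebind the name, and
    must not follow redirects without re-validating the new URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SsrfRejected("scheme not allowed: %r" % parts.scheme)
    if parts.username is not None or parts.password is not None:
        raise SsrfRejected("userinfo in URL")
    host = parts.hostname
    if not host:
        raise SsrfRejected("no host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in (80, 443):
        raise SsrfRejected("port not allowed: %d" % port)
    if allowed_hosts is not None and host not in allowed_hosts:
        raise SsrfRejected("host not on allowlist: %s" % host)
    # A literal IP is checked as written; a name is resolved once and the
    # answer is checked.  Decimal/hex forms such as 2130706433 are not
    # accepted by ipaddress, so they fall through to the resolver, where
    # getaddrinfo would turn them into 127.0.0.1 and the check still fires.
    try:
        ip = str(ipaddress.ip_address(host))
    except ValueError:
        ip = resolver(host)
        if ip is None:
            raise SsrfRejected("unresolvable host: %s" % host)
    if is_disallowed_address(ip):
        raise SsrfRejected("non-routable target: %s -> %s" % (host, ip))
    return host, ip, port


def is_rejected(url, **kwargs):
    """Convenience wrapper: True if validate_outbound_url refuses the URL."""
    try:
        validate_outbound_url(url, **kwargs)
    except SsrfRejected:
        return True
    return False


if __name__ == "__main__":
    for u in ("http://127.0.0.1:8080/admin", "https://public.example/search?q=x",
              "http://rebind.attacker.example/", "http://[::ffff:10.0.0.5]/",
              "http://169.254.169.254/latest/meta-data/"):
        print("%-45s naive=%s hardened_rejects=%s" % (
            u, vulnerable_is_valid_url(u), is_rejected(u)))
```

The design point is that the address check runs on what the connection will actually use, not on the string the user typed: the name is resolved once, the answer is vetted, and the caller connects to that pinned address so a rebinding name cannot change its answer between check and use. For a real deployment swap `FAKE_DNS.get` for `resolve_first` and keep `allowed_hosts` populated with the handful of external services the feature genuinely needs.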

Affected Products

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 are affected by this vulnerability, as confirmed via CPE (cpe:2.3:a:bmc_software,_inc.:footprints). According to the vendor advisory (https://docs.bmc.com/xwiki/bin/view/More-Products/Footprints/FootPrints/fp2024/Release-notes/2024-Release-01-Patch-2/), hotfixes are available for versions 20.20.02, 20.20.03.002, 20.21.01.001, 20.21.02.002, 20.22.01, 20.22.01.001, 20.23.01, 20.23.01.002, and 20.24.01. Organizations running any FootPrints version in the 20.20.x through 20.24.x range should verify their exact patch level and determine applicability.

Remediation

Apply the vendor-supplied hotfixes immediately; BMC has released patches for all affected version families (the 20.20, 20.21, 20.22, 20.23 and 20.24 lines). Consult the vendor release notes at https://docs.bmc.com/xwiki/bin/view/More-Products/Footprints/FootPrints/fp2024/Release-notes/2024-Release-01-Patch-2/ to identify and deploy the appropriate patch for your installed version. If immediate patching is not possible, implement compensating controls: restrict network access to the FootPrints server to trusted IP ranges and authorized users; disable or restrict the searchWeb API if it is not required for business operations; apply deny-by-default egress filtering on the FootPrints host so that it can reach only the internal services it legitimately needs (for example mail, directory and database servers) and cannot reach management networks or link-local addresses; monitor outbound connections from the FootPrints server for anomalous activity, in particular connection attempts or port sweeps toward unexpected internal or external hosts; and enforce authentication and authorization checks at the reverse proxy or WAF layer. Review user accounts and audit logs to identify suspicious searchWeb API usage, bearing in mind that exploitation requires valid credentials (PR:L), so a compromised or malicious internal account is the likely source.
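The egress monitoring recommended above, as an added example that is not part of the vuln.today page or of BMC tooling: a small detector run over constructed firewall log lines that flags connections from the FootPrints host to destinations outside a known baseline and a scan-like burst of new destination/port pairs. The log format, the server address, the baseline and the threshold are assumptions.

```python
"""Added example, not part of the vuln.today page or of BMC tooling: a
small detector for the egress monitoring the remediation section asks
for, run over constructed firewall log lines.  The log format, the
FootPrints server address, the baseline and the threshold are assumptions."""
import ipaddress
import re
from collections import defaultdict

FOOTPRINTS_HOST = "10.20.30.40"      # assumed address of the application server

# Assumed baseline of (destination, port) pairs the server legitimately uses.
BASELINE = {
    ("10.20.30.50", 25),     # mail relay
    ("10.20.30.51", 636),    # LDAPS
    ("10.20.30.52", 1433),   # database
}
SWEEP_THRESHOLD = 5          # distinct non-baseline dst:port pairs => scan-like

LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)")

# Constructed sample: two baseline connections, then a burst toward
# internal hosts and a link-local metadata probe, all from the app
# server; the last line is another host and is out of scope.
SAMPLE_LOG = """\
2026-03-20T13:39:01Z src=10.20.30.40 dst=10.20.30.50 dport=25 proto=tcp action=allow
2026-03-20T13:39:02Z src=10.20.30.40 dst=10.20.30.51 dport=636 proto=tcp action=allow
2026-03-20T13:39:05Z src=10.20.30.40 dst=10.0.0.5 dport=22 proto=tcp action=allow
2026-03-20T13:39:05Z src=10.20.30.40 dst=10.0.0.5 dport=80 proto=tcp action=allow
2026-03-20T13:39:06Z src=10.20.30.40 dst=10.0.0.5 dport=443 proto=tcp action=allow
2026-03-20T13:39:06Z src=10.20.30.40 dst=10.0.0.5 dport=8080 proto=tcp action=deny
2026-03-20T13:39:07Z src=10.20.30.40 dst=10.0.0.6 dport=22 proto=tcp action=allow
2026-03-20T13:39:08Z src=10.20.30.40 dst=169.254.169.254 dport=80 proto=tcp action=allow
2026-03-20T13:39:09Z src=10.20.30.41 dst=10.0.0.5 dport=22 proto=tcp action=allow
"""


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def analyze(log_text, app_host=FOOTPRINTS_HOST, baseline=BASELINE,
            sweep_threshold=SWEEP_THRESHOLD):
    """Return (severity, reason, record) findings for the app server's egress.
    Denied attempts are kept: for a blind SSRF the attempt is the evidence."""
    findings = []
    new_pairs = set()
    for rec in parse(log_text):
        if rec["src"] != app_host:
            continue                       # only the app server's egress is in scope
        pair = (rec["dst"], rec["dport"])
        if pair in baseline:
            continue
        new_pairs.add(pair)
        dst = ipaddress.ip_address(rec["dst"])
        if dst.is_link_local:              # 169.254.0.0/16, incl. cloud metadata
            findings.append(("high", "link-local/metadata endpoint", rec))
        elif not dst.is_global:            # RFC 1918, loopback, etc.
            findings.append(("medium", "internal destination outside baseline", rec))
        else:
            findings.append(("low", "external destination outside baseline", rec))
    if len(new_pairs) >= sweep_threshold:
        findings.append(("high",
                         "possible internal scan: %d new dst:port pairs" % len(new_pairs),
                         {"src": app_host, "pairs": sorted(new_pairs)}))
    return findings


def severity_counts(findings):
    """Summarise findings as {severity: count}."""
    counts = defaultdict(int)
    for sev, _, _ in findings:
        counts[sev] += 1
    return dict(counts)


if __name__ == "__main__":
    for sev, reason, rec in analyze(SAMPLE_LOG):
        print(sev.upper(), reason, rec)
```

Two choices matter here. Denied connections are not discarded, because with a blind SSRF the attempt itself is the indicator, and a deny-by-default egress rule turns every probe into a log line. The baseline is keyed on destination and port rather than destination alone, so a legitimate mail relay being probed on port 22 still surfaces.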

Priority Score

42 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +22
POC: +20
