User Impersonation Vulnerability in Remedy AR System Server
CVE-2018-19505 · MEDIUM Severity
AV:N/AC:L/AU:S/C:N/I:P/A:N
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.
Learn more about our Cis Benchmark Audit For Apple Ios.