User Impersonation Vulnerability in Remedy AR System Server

User Impersonation Vulnerability in Remedy AR System Server

CVE-2018-19505 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.

Learn more about our Cis Benchmark Audit For Apple Ios.