Vulnerabilities > BMC > Remedy Action Request System Server

DATE CVE VULNERABILITY TITLE RISK
2019-01-03 CVE-2018-19505 Improper Authentication vulnerability in BMC Remedy Action Request System Server 7.1
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.
network
low complexity
bmc CWE-287
4.0