{"id":366,"date":"2023-08-12T13:56:31","date_gmt":"2023-08-12T13:56:31","guid":{"rendered":"https:\/\/nobugescapes.com\/?p=366"},"modified":"2023-08-13T03:05:51","modified_gmt":"2023-08-13T03:05:51","slug":"smax-amx-vulnerability-submit-ideas-on-behalf-of-other-users","status":"publish","type":"post","link":"https:\/\/nobugescapes.com\/blog\/smax-amx-vulnerability-submit-ideas-on-behalf-of-other-users\/","title":{"rendered":"SMAX\/AMX VULNERABILITY Submit Ideas on behalf of other users"},"content":{"rendered":"\n

CVE-2023-32259

Product & Service Introduction:

OpenText SMAX is comprehensive service management software that delivers efficient IT Service Management (ITSM), IT Asset Management (ITAM), and Enterprise Service Management (ESM). Powered by embedded analytics and machine learning, it is easy to use, easy to extend, and easy to run anywhere.

Technical Description:

A security vulnerability exists within the ITSM component of OpenText SMAX. This vulnerability, stemming from an authorization flaw, permits authenticated users to submit Ideas under the names of other users without the necessary permissions. The system’s integration with Active Directory, which assigns unique IDs to each user, does not adequately verify the authorization of the submitting user.

Steps to Reproduce:

Initiate the Submission Process: Log into the ITSM System using your account and select “Suggest idea.”

\"\"<\/figure>\n\n\n\n

Intercept and Modify the Request: Using a proxy tool, intercept the submission request.

\"\"<\/figure>\n\n\n\n

Impersonate a Target: Modify the User ID field with your target’s unique ID and forward the request.

\"\"<\/figure>\n\n\n\n

Post-submission, the target user doesn’t receive any notification, keeping them unaware.

\"\"<\/figure>\n\n\n\n

Solution – Fix & Patch:

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of SMAX/AMX: