{"id":375,"date":"2023-08-12T14:21:46","date_gmt":"2023-08-12T14:21:46","guid":{"rendered":"https:\/\/nobugescapes.com\/?p=375"},"modified":"2023-08-13T03:04:19","modified_gmt":"2023-08-13T03:04:19","slug":"raise-a-request-on-behalf-of-other-users-vulnerability-in-smax-amx-hcmx","status":"publish","type":"post","link":"https:\/\/nobugescapes.com\/blog\/raise-a-request-on-behalf-of-other-users-vulnerability-in-smax-amx-hcmx\/","title":{"rendered":"Raise a request on behalf of other users Vulnerability in\u00a0SMAX\/AMX\/HCMX"},"content":{"rendered":"\n

CVE-2023-32260<\/a><\/p>\n\n\n\n

Product & Service Introduction:<\/h3>\n\n\n\n

OpenText SMAX<\/a> is comprehensive service management software that delivers efficient IT Service Management (ITSM), IT Asset Management (ITAM), and Enterprise Service Management (ESM). Powered by embedded analytics and machine learning, it is easy to use, easy to extend, and easy to run anywhere.<\/p>\n\n\n\n

Technical Description:<\/h3>\n\n\n\n

A security vulnerability has been identified within the ITSM component of OpenText SMAX. Due to an authorization flaw, it allows authenticated users to submit requests under the names of other users. Because the system syncs with Active Directory and assigns each user a unique ID, exploitation of this flaw can enable unauthorized request submissions or manipulations on behalf of unsuspecting users.<\/p>\n\n\n\n

Steps to Reproduce:<\/h3>\n\n\n\n

Start the Submission Process:<\/strong> Log into the ITSM System using an Active Directory account and select a request type. In this example, we’ll use \u201clocal admin account.\u201d<\/p>\n\n\n\n

Prepare Request:<\/strong> Click on the request interface to input any title and justification for the request.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Intercept and Modify:<\/strong> Using a proxy tool, such as \u201cBurp Suite,\u201d intercept the request being sent.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Impersonate a Target:<\/strong> Within the intercepted request, change the User ID to your intended target’s ID and then forward the request.<\/p>\n\n\n\n

After submission, the victim won’t receive any email notification and therefore remains unaware of this unauthorized activity.<\/p>\n\n\n\n

How to find a user identifier?<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Solution \u2013 Fix & Patch:<\/h3>\n\n\n\n

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of SMAX\/AMX\/HCMX:<\/p>\n\n\n\n