CVE-2013-4945

high
Published 2013-07-29 · Modified 2026-04-29
CVSS v3: —
CVSS v4: —
not yet in upstream
VIR risk: 8.5

Description

Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.

Predictions

Exploit likelihood: 20%
Patch ETA: —

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-26806 webapps asp text · 2 KB
Nuri Fattah · 2013-07-13

BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities

Source: Exploit-DB
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC

Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95
 
Affected Product:
BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95

Timeline:
07 June 2013      - Vulnerability found
12 June 2013      - Vendor informed
17 June 2013      - Vendor replied/confirmed & opened service ticket
 
Credits:
Nuri Fattah   of NATO / NCIRC (www.ncirc.nato.int)
 
CVE: To be assigned
 
NCIRC ID: NCIRC-2013127-02
 
Description:
Multiple vulnerabilities, including Cross-Site Scripting (XSS) and SQL injection, were identified in the latest version of BMC SERVICE DESK EXPRESS.
 
Vulnerability Details:

1. SQL injection
a. /SDE/DashBoardGUI.aspx
vuln parameter: [ASPSESSIONIDASSRATTQ cookie]
b. /SDE/DashBoardGUI.aspx
vuln parameter: [TABLE_WIDGET_1 cookie]
c. /SDE/DashBoardGUI.aspx
vuln parameter: [TABLE_WIDGET_2 cookie]
d. /SDE/DashBoardGUI.aspx
vuln parameter: [browserDateTimeInfo cookie]
e. /SDE/DashBoardGUI.aspx
vuln parameter: [browserNumberInfo cookie]
f. /SDE/login.aspx
vuln parameter: [UID]

2. Reflected XSS
a. /SDE/QV_admin.aspx
vuln parameter: [SelTab]
b. /SDE/QV_grid.aspx
vuln parameter: [CallBack]
c. /SDE/commonhelp.aspx
vuln parameter: [HelpPage]

example:
GET /SDE/QV_grid.aspx?QuerySeq=1068&CondVal=1%40V1%40ADMINISTRATION%401&CallBack=parent.parent.frames.TmInputs.callBack(doGridDataCallBack.arguments[0]);</script><script>alert(99817)</script>&ViewType=g&bRefresh= HTTP/1.1
 
Solution:
No Solution has yet been provided.
Please contact the vendor. 

Application impact

Vendor   Product               Versions    Fixed
bmc      service_desk_express  10.2.1.95

References

CWEs

CWE-89
