CVE-2018-19505

EPSS 0.24% · P48 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-19505

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

BMC Remedy Remedy AR System Server 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

BMC Remedy是美国BMC Software公司的一套用于IT部门的移动数字化企业管理平台。Remedy AR System Server是其中的一个服务器端。 BMC Remedy 7.1版本中的Remedy AR System Server存在安全漏洞，该漏洞源于程序没有在模拟的情景中设置正确的用户上下文。攻击者可利用该漏洞以其他用户身份进行操作。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-19505

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-19505

请登录查看更多情报信息。

http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.htmlx_refsource_MISC
http://www.securitytracker.com/id/1042177vdb-entryx_refsource_SECTRACK
http://seclists.org/fulldisclosure/2018/Nov/62mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2018-19505

Same Patch Batch · n/a · 2019-01-03 · 39 CVEs total

CVE-2019-3905		ZOHO ManageEngine ADSelfService Plus 安全漏洞
CVE-2018-19992		Dolibarr 跨站脚本漏洞
CVE-2018-19993		Dolibarr 跨站脚本漏洞
CVE-2018-19994		Dolibarr SQL注入漏洞
CVE-2018-19995		Dolibarr 跨站脚本漏洞
CVE-2018-19998		Dolibarr SQL注入漏洞
CVE-2018-20512		EPON CPE-WiFi设备权限许可和访问控制问题漏洞
CVE-2019-3575		Sqla_yaml_fixtures 代码注入漏洞
CVE-2018-20663		CUBA Platform Reporting Addon 跨站脚本漏洞
CVE-2018-20664		ZOHO ManageEngine ADSelfService Plus 安全漏洞
CVE-2018-19862		MiniShare 缓冲区错误漏洞
CVE-2018-16870		wolfSSL 加密问题漏洞
CVE-2019-3701		Linux kernel 缓冲区错误漏洞
CVE-2018-20662		Poppler 安全漏洞
CVE-2018-17172		多款Fuji Xerox产品命令注入漏洞
CVE-2018-18264		Google Kubernetes Dashboard 安全漏洞
CVE-2018-18893		Jinjava 安全漏洞
CVE-2018-20131		Code42 for Enterprise for Linux 安全漏洞
CVE-2019-3580		OpenRefine 路径遍历漏洞
CVE-2018-18005		VIVOTEK Network Camera系列产品跨站脚本漏洞

Showing top 20 of 39 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-19505

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-19505

I. Basic Information for CVE-2018-19505

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-19505

III. Intelligence Information for CVE-2018-19505

Same Patch Batch · n/a · 2019-01-03 · 39 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-19505

Leave a comment