CVE-2017-17674

Published: May 19, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).

Affected (1)

Products: Bmc: Remedy Mid Tier

1 product

Remedy Mid Tier

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bmc Remedy Mid Tier	Version 9.1 sp3

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

Source: cve@mitre.org

Product

http://remedy.com

Source: cve@mitre.org

Product

https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://seclists.org/fulldisclosure/2017/Oct/52

Source: cve@mitre.org

Mailing ListThird Party Advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Product

http://remedy.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://seclists.org/fulldisclosure/2017/Oct/52

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.