Vulnerability Details CVE-2017-17674
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://bmc.com
- http://remedy.com
- https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html
- https://seclists.org/fulldisclosure/2017/Oct/52
- http://bmc.com
- http://remedy.com
- https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html
- https://seclists.org/fulldisclosure/2017/Oct/52
Products affected by CVE-2017-17674
-
cpe:2.3:a:bmc:remedy_mid-tier:9.1