Vulnerability Details CVE-2017-18228
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.9%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2017-18228
-
cpe:2.3:a:bmc:remedy_action_request_system:-
-
cpe:2.3:a:bmc:remedy_action_request_system:1.0.0
-
cpe:2.3:a:bmc:remedy_action_request_system:7.10.2
-
cpe:2.3:a:bmc:remedy_action_request_system:7.5.0.0
-
cpe:2.3:a:bmc:remedy_action_request_system:7.6.04
-
cpe:2.3:a:bmc:remedy_action_request_system:8.0.00
-
cpe:2.3:a:bmc:remedy_action_request_system:8.0.00.001
-
cpe:2.3:a:bmc:remedy_action_request_system:8.0.00.002
-
cpe:2.3:a:bmc:remedy_action_request_system:8.0.00.003
-
cpe:2.3:a:bmc:remedy_action_request_system:8.1.00
-
cpe:2.3:a:bmc:remedy_action_request_system:8.1.00.001
-
cpe:2.3:a:bmc:remedy_action_request_system:8.1.00.002
-
cpe:2.3:a:bmc:remedy_action_request_system:8.1.00.003
-
cpe:2.3:a:bmc:remedy_action_request_system:8.1.01
-
cpe:2.3:a:bmc:remedy_action_request_system:8.1.01.001
-
cpe:2.3:a:bmc:remedy_action_request_system:8.1.02
-
cpe:2.3:a:bmc:remedy_action_request_system:8.1.02.001
-
cpe:2.3:a:bmc:remedy_action_request_system:8.1.02.002
-
cpe:2.3:a:bmc:remedy_action_request_system:9.0.00
-
cpe:2.3:a:bmc:remedy_action_request_system:9.0.00.001
-
cpe:2.3:a:bmc:remedy_action_request_system:9.0.00.002
-
cpe:2.3:a:bmc:remedy_action_request_system:9.0.01
-
cpe:2.3:a:bmc:remedy_action_request_system:9.0.01.001