CVE-2017-17674
CVE-2017-17674 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). EPSS estimates a 2.57% chance of exploitation in the next 30 days.
Description
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| BMC | Remedy Mid-Tier | 9.1 | SP3 |
References
- http://bmc.com (Product)
- http://remedy.com (Product)
- https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html (Release Notes, Vendor Advisory)
- https://seclists.org/fulldisclosure/2017/Oct/52 (Mailing List, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
