CVE-2017-17674
Summary
| CVE | CVE-2017-17674 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-19 14:15:00 UTC |
| Updated | 2021-05-25 18:04:00 UTC |
| Description | BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). |
Risk And Classification
Problem Types: CWE-918
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bmc | Remedy Mid-tier | 9.1 | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| BMC - Bring IT to Life with Digital Enterprise Management | MISC | bmc.com | |
| Full Disclosure: Multiple vulnerabilities in BMC Remedy | MISC | seclists.org | |
| Remedy 9 - IT Service Management Suite - BMC Software | MISC | remedy.com | |
| 9.1.00: Fixes available for Remedy AR System security vulnerabilities - Documentation for Remedy Action Request System 9.1 - BMC Documentation | MISC | docs.bmc.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.