{"api_version":"1","generated_at":"2026-04-24T09:00:08+00:00","cve":"CVE-2017-17674","urls":{"html":"https://cve.report/CVE-2017-17674","api":"https://cve.report/api/cve/CVE-2017-17674.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-17674","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-17674"},"summary":{"title":"CVE-2017-17674","description":"BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-05-19 14:15:00","updated_at":"2021-05-25 18:04:00"},"problem_types":["CWE-918"],"metrics":[],"references":[{"url":"http://bmc.com","name":"http://bmc.com","refsource":"MISC","tags":[],"title":"BMC - Bring IT to Life with Digital Enterprise Management","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/fulldisclosure/2017/Oct/52","name":"https://seclists.org/fulldisclosure/2017/Oct/52","refsource":"MISC","tags":[],"title":"Full Disclosure: Multiple vulnerabilities in BMC Remedy","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://remedy.com","name":"http://remedy.com","refsource":"MISC","tags":[],"title":"Remedy 9 - IT Service Management Suite - BMC Software","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html","name":"https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html","refsource":"MISC","tags":[],"title":"9.1.00: Fixes available for Remedy AR System security vulnerabilities - Documentation for Remedy Action Request System 9.1 - BMC Documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-17674","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17674","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"17674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bmc","cpe5":"remedy_mid-tier","cpe6":"9.1","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-17674","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"http://bmc.com","refsource":"MISC","name":"http://bmc.com"},{"url":"http://remedy.com","refsource":"MISC","name":"http://remedy.com"},{"refsource":"MISC","name":"https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html","url":"https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html"},{"refsource":"MISC","name":"https://seclists.org/fulldisclosure/2017/Oct/52","url":"https://seclists.org/fulldisclosure/2017/Oct/52"}]}},"nvd":{"publishedDate":"2021-05-19 14:15:00","lastModifiedDate":"2021-05-25 18:04:00","problem_types":["CWE-918"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bmc:remedy_mid-tier:9.1:sp3:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"17674","Ordinal":"117890","Title":"CVE-2017-17674","CVE":"CVE-2017-17674","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"17674","Ordinal":"1","NoteData":"BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).","Type":"Description","Title":null},{"CveYear":"2017","CveId":"17674","Ordinal":"2","NoteData":"2021-05-19","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"17674","Ordinal":"3","NoteData":"2021-05-19","Type":"Other","Title":"Modified"}]}}}