Vulnerability Description
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmc | Remedy Mid-Tier | 9.1 |
Related Weaknesses (CWE)
References
- http://bmc.comProduct
- http://remedy.comProduct
- https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-sRelease NotesVendor Advisory
- https://seclists.org/fulldisclosure/2017/Oct/52Mailing ListThird Party Advisory
- http://bmc.comProduct
- http://remedy.comProduct
- https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-sRelease NotesVendor Advisory
- https://seclists.org/fulldisclosure/2017/Oct/52Mailing ListThird Party Advisory
FAQ
What is CVE-2017-17674?
CVE-2017-17674 is a vulnerability with a CVSS score of 9.8 (CRITICAL). BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprintin...
How severe is CVE-2017-17674?
CVE-2017-17674 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-17674?
Check the references section above for vendor advisories and patch information. Affected products include: Bmc Remedy Mid-Tier.