Vulnerability Description
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmc | Remedy Mid-Tier | 9.1 |
Related Weaknesses (CWE)
References
- http://bmc.comProduct
- http://remedy.comProduct
- https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-sRelease NotesVendor Advisory
- https://seclists.org/fulldisclosure/2017/Oct/52Mailing ListThird Party Advisory
- http://bmc.comProduct
- http://remedy.comProduct
- https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-sRelease NotesVendor Advisory
- https://seclists.org/fulldisclosure/2017/Oct/52Mailing ListThird Party Advisory
FAQ
What is CVE-2017-17677?
CVE-2017-17677 is a vulnerability with a CVSS score of 8.8 (HIGH). BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
How severe is CVE-2017-17677?
CVE-2017-17677 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17677?
Check the references section above for vendor advisories and patch information. Affected products include: Bmc Remedy Mid-Tier.