CVE-2017-17674
CRITICALBMC Remedy Mid Tier 9.1SP3 - Server-Side Request Forgery
Title source: llmDescription
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).
References (4)
Core 4
Core References
Product x_refsource_misc
http://bmc.com
Product x_refsource_misc
http://remedy.com
Release Notes, Vendor Advisory x_refsource_misc
https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2017/Oct/52
Scores
CVSS v3
9.8
EPSS
0.0257
EPSS Percentile
83.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (1)
bmc/remedy_mid-tier
9.1 sp3
Published
May 19, 2021
Tracked Since
Feb 18, 2026