Description
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.
References (4)
Core 4
Core References
Product x_refsource_misc
http://bmc.com
Product x_refsource_misc
http://remedy.com
Release Notes, Vendor Advisory x_refsource_misc
https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2017/Oct/52
Scores
CVSS v3
5.3
EPSS
0.0033
EPSS Percentile
55.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
bmc/remedy_mid-tier
9.1 sp3
Published
May 19, 2021
Tracked Since
Feb 18, 2026