CVE-2017-17675

MEDIUM

BMC Remedy Mid Tier 9.1SP3 - Unauthenticated Log Hijacking via Remote Logging

Title source: llm

Description

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.

References (4)

Core 4

Core References

Product x_refsource_misc

http://bmc.com

Product x_refsource_misc

http://remedy.com

Release Notes, Vendor Advisory x_refsource_misc

https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html

Mailing List, Third Party Advisory x_refsource_misc

https://seclists.org/fulldisclosure/2017/Oct/52

Scores

CVSS v3 5.3

EPSS 0.0115

EPSS Percentile 62.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-532

Status published

Products (1)

bmc/remedy_mid-tier 9.1 sp3

Published May 19, 2021

Tracked Since Feb 18, 2026