CVE-2017-17677

HIGH

BMC Remedy Mid-tier - Incorrect Permission Assignment

Title source: rule

Description

BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.

References (4)

Core 4

Core References

Product x_refsource_misc

http://bmc.com

Product x_refsource_misc

http://remedy.com

Release Notes, Vendor Advisory x_refsource_misc

https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html

Mailing List, Third Party Advisory x_refsource_misc

https://seclists.org/fulldisclosure/2017/Oct/52

Scores

CVSS v3 8.8

EPSS 0.0101

EPSS Percentile 77.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

bmc/remedy_mid-tier 9.1 sp3

Published May 19, 2021

Tracked Since Feb 18, 2026