Remote and Local File Inclusion Vulnerability in BMC Remedy Mid Tier Software
CVE-2017-17674

9.8CRITICAL

Key Information:

Vendor

Bmc

Status
Remedy Mid-tier
Vendor
CVE Published:
19 May 2021

What is CVE-2017-17674?

BMC Remedy Mid Tier 9.1SP3 is susceptible to remote and local file inclusion vulnerabilities. This flaw allows attackers to exploit the system by accessing restricted files, leading to potential threats such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), and remote code execution (RCE). The vulnerability arises from inadequate restrictions on input parameters, allowing malicious entities to manipulate the application to disclose sensitive information or execute unauthorized commands.

References

http://bmc.com
x_refsource_MISC
http://remedy.com
x_refsource_MISC
https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.