Authenticated Code Execution in BMC Remedy by BMC Software
CVE-2017-17677

8.8HIGH

Key Information:

Vendor

Bmc

Status
Remedy Mid-tier
Vendor
CVE Published:
19 May 2021

What is CVE-2017-17677?

BMC Remedy version 9.1SP3 contains a vulnerability that allows authenticated users with permissions to create reports to execute arbitrary code through the use of BIRT templates. This flaw presents a significant security risk as it enables potential exploitation by users who have legitimate access, allowing them to run unauthorized operations within the system.

References

http://bmc.com
x_refsource_MISC
http://remedy.com
x_refsource_MISC
https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.