Cross-Site Scripting Vulnerability in BMC Remedy Mid Tier by BMC Software
CVE-2017-17678

6.1MEDIUM

Key Information:

Vendor

Bmc

Status
Remedy Mid-tier
Vendor
CVE Published:
19 May 2021

What is CVE-2017-17678?

The vulnerability in BMC Remedy Mid Tier 9.1SP3 allows for a DOM-based cross-site scripting (XSS) attack due to flaws in a legacy utility. This vulnerability can be exploited by malicious individuals to inject arbitrary scripts into web pages viewed by users, potentially leading to data theft, session hijacking, or further compromise of user systems. Organizations using BMC Remedy Mid Tier should assess their exposure and implement necessary mitigations to safeguard against this type of threat.

References

http://bmc.com
x_refsource_MISC
http://remedy.com
x_refsource_MISC
https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.