Cross-Site Scripting Vulnerability in BMC Remedy AR System
CVE-2017-18228

5.4MEDIUM

Key Information:

Vendor: Bmc
Status: Remedy Action Request System
Vendor: CVE Published:; 12 March 2018

What is CVE-2017-18228?

BMC Remedy AR System 9.1 contains a vulnerability that allows attackers to exploit Cross-Site Scripting (XSS) via the ATTKey parameter within the arsys/servlet/AttachServlet request. This flaw can enable malicious users to inject arbitrary scripts into web pages viewed by other users, potentially allowing theft of session cookies or other sensitive information. Organizations using this version of BMC Remedy AR System should take immediate steps to implement security measures and apply available updates to protect against such vulnerabilities.

References

https://communities.bmc.com/thread/164169

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 12, 2018

JSON

Bmc

What is CVE-2017-18228?

References

CVSS V3.1

Timeline