← Zuruck zu CVEs

CVE-2017-17674

CRITICAL

9.8

Beschreibung

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht5/19/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

bmc:remedy_mid-tier

Schwachen (CWE)

CWE-918

Referenzen

http://bmc.com(cve@mitre.org)

http://remedy.com(cve@mitre.org)

https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html(cve@mitre.org)

https://seclists.org/fulldisclosure/2017/Oct/52(cve@mitre.org)

http://bmc.com(af854a3a-2127-422b-91ae-364da2661108)

http://remedy.com(af854a3a-2127-422b-91ae-364da2661108)

https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html(af854a3a-2127-422b-91ae-364da2661108)

https://seclists.org/fulldisclosure/2017/Oct/52(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.