CVE-2017-17675

2021-05-1913:11:13

mitre

www.cve.org

bmc remedy mid tier

9.1sp3

log hijacking

remote logging

unauthenticated users

system logs

data hijack

AI Score

5.4

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.

References

bmc.com

remedy.com

docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html

seclists.org/fulldisclosure/2017/Oct/52