Lucene search

[email protected]NVD:CVE-2017-17675

HistoryMay 19, 2021 - 2:15 p.m.

CVE-2017-17675

2021-05-1914:15:07

CWE-532

[email protected]

web.nvd.nist.gov

bmc remedy

log hijacking

remote access

system logs

unauthenticated users

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.003

Percentile

65.9%

JSON

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.

Affected configurations

Nvd

Node

bmcremedy_mid-tierMatch9.1sp3

VendorProductVersionCPE
bmcremedy_mid-tier9.1cpe:2.3:a:bmc:remedy_mid-tier:9.1:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
bmc	remedy_mid-tier	9.1	cpe:2.3:a:bmc:remedy_mid-tier:9.1:sp3::::::

References

bmc.com

remedy.com

docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html

seclists.org/fulldisclosure/2017/Oct/52

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.003

Percentile

65.9%

JSON

Related for NVD:CVE-2017-17675

cve1 prion1 cvelist1