Vulnerability CVE-2017-17675
Published: 2021-05-19

Description:
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.

Type:

CWE-532

 (Information Exposure Through Log Files)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
BMC -> Remedy mid-tier 

 References:
http://bmc.com
https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html
https://seclists.org/fulldisclosure/2017/Oct/52
http://remedy.com
Copyright 2024, cxsecurity.com

 

Back to Top