Vulnerability Details : CVE-2017-17677
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
Exploit prediction scoring system (EPSS) score for CVE-2017-17677
Probability of exploitation activity in the next 30 days: 0.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 %
CVSS scores for CVE-2017-17677
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
CWE ids for CVE-2017-17677
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-17677
- http://remedy.com
  BMC Remedy ITSM | Remedy IT Service Management - BMC Software (Product)
- http://bmc.com
  BMC Software – Run and Reinvent (Product)
- https://seclists.org/fulldisclosure/2017/Oct/52
  Full Disclosure: Multiple vulnerabilities in BMC Remedy (Mailing List; Third Party Advisory)
- https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html
  9.1.00: Fixes available for Remedy AR System security vulnerabilities - Documentation for Remedy Action Request System 9.1 - BMC Documentation (Release Notes; Vendor Advisory)
Products affected by CVE-2017-17677
- cpe:2.3:a:bmc:remedy_mid-tier:9.1:sp3:*:*:*:*:*:*