BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.
                
            References
                    | Link | Resource | 
|---|---|
| http://bmc.com | Product | 
| http://remedy.com | Product | 
| https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html | Release Notes Vendor Advisory | 
| https://seclists.org/fulldisclosure/2017/Oct/52 | Mailing List Third Party Advisory | 
| http://bmc.com | Product | 
| http://remedy.com | Product | 
| https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html | Release Notes Vendor Advisory | 
| https://seclists.org/fulldisclosure/2017/Oct/52 | Mailing List Third Party Advisory | 
Configurations
                    History
                    21 Nov 2024, 03:18
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () http://bmc.com - Product | |
| References | () http://remedy.com - Product | |
| References | () https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html - Release Notes, Vendor Advisory | |
| References | () https://seclists.org/fulldisclosure/2017/Oct/52 - Mailing List, Third Party Advisory | 
25 May 2021, 18:20
| Type | Values Removed | Values Added | 
|---|---|---|
| References | (MISC) http://remedy.com - Product | |
| References | (MISC) https://seclists.org/fulldisclosure/2017/Oct/52 - Mailing List, Third Party Advisory | |
| References | (MISC) https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html - Release Notes, Vendor Advisory | |
| References | (MISC) http://bmc.com - Product | |
| CWE | CWE-532 | |
| CPE | cpe:2.3:a:bmc:remedy_mid-tier:9.1:sp3:*:*:*:*:*:* | |
| CVSS | v2 : v3 : | v2 : 5.0 v3 : 5.3 | 
19 May 2021, 14:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2021-05-19 14:15
Updated : 2024-11-21 03:18
NVD link : CVE-2017-17675
Mitre link : CVE-2017-17675
CVE.ORG link : CVE-2017-17675
JSON object : View
Products Affected
                bmc
- remedy_mid-tier
CWE
                
                    
                        
                        CWE-532
                        
            Insertion of Sensitive Information into Log File
