CVE-2017-18228: XSS
First published: Mon Mar 12 2018(Updated: )
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BMC Remedy Action Request System | <=9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-18228?
CVE-2017-18228 is a vulnerability in Remedy Mid Tier in BMC Remedy AR System 9.1 that allows cross-site scripting (XSS) attacks.
How does CVE-2017-18228 impact the BMC Remedy AR System 9.1?
CVE-2017-18228 allows attackers to perform XSS attacks by exploiting the ATTKey parameter in an arsys/servlet/AttachServlet request.
What is the severity of CVE-2017-18228?
The severity of CVE-2017-18228 is medium, with a CVSS score of 5.4.
How can I fix CVE-2017-18228 vulnerability in BMC Remedy AR System 9.1?
To fix CVE-2017-18228, it is recommended to apply the latest security patches and updates provided by BMC to the Remedy Mid Tier in BMC Remedy AR System 9.1.
Where can I find more information about CVE-2017-18228?
You can find more information about CVE-2017-18228 at the following link: [BMC Communities Thread](https://communities.bmc.com/thread/164169).
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/author
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/bmc
- canonical/bmc remedy action request system
- version/bmc remedy action request system/9.1