
CVE-2017-18228 : Security Advisory and Response

Learn about CVE-2017-18228, a Cross-Site Scripting (XSS) vulnerability in BMC Remedy AR System 9.1. Find out the impact, affected systems, exploitation mechanism, and mitigation steps.

BMC Remedy AR System 9.1 is susceptible to a Cross-Site Scripting (XSS) vulnerability through the ATTKey parameter in an arsys/servlet/AttachServlet request.

Understanding CVE-2017-18228

This CVE entry describes a security issue in BMC Remedy AR System 9.1 that allows an attacker to carry out XSS attacks against users of the application.

What is CVE-2017-18228?

The ATTKey parameter of the arsys/servlet/AttachServlet request in BMC Remedy AR System 9.1 is not safely handled before being reflected, so an attacker can use it to inject script into the page, which is the XSS vulnerability.

The Impact of CVE-2017-18228

Exploitation of this vulnerability could result in unauthorized access to sensitive data, session hijacking, and compromise of user information.

Technical Details of CVE-2017-18228

This section provides more in-depth technical information about the vulnerability.

Vulnerability Description

The vulnerability exists in Remedy Mid Tier in BMC Remedy AR System 9.1, allowing attackers to conduct XSS attacks via the ATTKey parameter in the arsys/servlet/AttachServlet request.

Affected Systems and Versions

        Product: BMC Remedy AR System 9.1
        Version: Not applicable

Exploitation Mechanism

Attackers can exploit the vulnerability by injecting malicious scripts through the ATTKey parameter in specific requests, potentially leading to XSS attacks.

Mitigation and Prevention

Protecting systems from CVE-2017-18228 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Apply security patches provided by BMC to address the vulnerability promptly.
        Monitor and filter user inputs to prevent malicious script injections.
        Educate users on safe browsing practices to mitigate the risk of XSS attacks.
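To make the "monitor and filter user inputs" step concrete, the following is an added example (not BMC's code and not taken from this advisory). It shows the general defensive pattern for a reflected parameter: an allowlist check on the incoming value, HTML entity encoding of the value wherever it is echoed into a page, and a small scanner that flags requests to arsys/servlet/AttachServlet whose ATTKey value contains HTML metacharacters. The rendering helpers, the assumed key format, the log line layout and the sample log entries are all constructed for illustration; the real Mid Tier key format and page markup are not described in the advisory.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlparse

# ASSUMPTION: a plausible attachment key is a short token of safe characters.
# The real ATTKey format is not documented on the page; adjust to the product's format.
ATT_KEY_ALLOWED = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def is_plausible_att_key(att_key: str) -> bool:
    """Entry-point allowlist check: reject anything that is not a plain token."""
    return bool(ATT_KEY_ALLOWED.match(att_key))


def render_vulnerable(att_key: str) -> str:
    """Hypothetical page fragment that echoes the parameter verbatim.

    This is the class of defect the advisory describes: untrusted input copied
    straight into HTML, so '<' and '>' in the value become live markup."""
    return f"<p>Attachment key: {att_key}</p>"


def render_hardened(att_key: str) -> str:
    """Same fragment with contextual output encoding applied.

    html.escape turns < > & " ' into entities, so the browser renders the
    value as text rather than parsing it as markup or an attribute break."""
    return f"<p>Attachment key: {html.escape(att_key, quote=True)}</p>"


# Constructed access-log sample in Common Log Format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2018:12:00:01 +0000] "GET /arsys/servlet/AttachServlet?ATTKey=123456 HTTP/1.1" 200 5120
10.0.0.7 - - [10/Mar/2018:12:00:02 +0000] "GET /arsys/servlet/AttachServlet?ATTKey=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 812
10.0.0.9 - - [10/Mar/2018:12:00:03 +0000] "GET /arsys/home HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Characters that have no business in a plain attachment key but matter to an HTML parser.
SUSPICIOUS = re.compile(r"""[<>"']|javascript:""", re.IGNORECASE)


def find_suspicious_attkey(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, decoded ATTKey) for AttachServlet requests carrying HTML metacharacters."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as CLF
        url = urlparse(m["path"])
        if not url.path.endswith("/arsys/servlet/AttachServlet"):
            continue  # only the servlet named in the advisory is of interest here
        for value in parse_qs(url.query).get("ATTKey", []):
            # parse_qs already percent-decodes once; decode again so a
            # doubly-encoded value (%253C -> %3C -> <) is still inspected.
            decoded = unquote(value)
            if SUSPICIOUS.search(decoded):
                hits.append((m["ip"], decoded))
    return hits


if __name__ == "__main__":
    for ip, key in find_suspicious_attkey(SAMPLE_LOG):
        print(f"suspicious ATTKey from {ip}: {key!r}")
        print("  rendered unsafely :", render_vulnerable(key))
        print("  rendered encoded  :", render_hardened(key))
        print("  passes allowlist  :", is_plausible_att_key(key))
```

The scanner is a triage aid for web server logs, not a substitute for the vendor patch: it only sees GET query strings, and a value that reaches the page through another channel would not appear here. The allowlist check and the output encoding are independent layers; the encoding is the one that actually removes the XSS, the allowlist simply rejects malformed keys early and gives a cleaner signal to log.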

Long-Term Security Practices

        Conduct regular security assessments and penetration testing to identify and address vulnerabilities proactively.
        Implement web application firewalls (WAFs) to filter and block malicious traffic targeting XSS vulnerabilities.

Patching and Updates

Regularly update and patch BMC Remedy AR System 9.1 to ensure that known vulnerabilities, including CVE-2017-18228, are mitigated effectively.
