External risk intelligence

BMC Remedy Mid Tier Remote and Local File Inclusion Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2017-17674

BMC Remedy Mid Tier serves as the web-based interface for the BMC Remedy AR System. It is commonly deployed as an internet-facing or intranet-facing web application used by employees or customers to access service management tools, making it a standard web application surface reachable over common network protocols.

Server-Side Request Forgery

Bmc Remedy Mid Tier

9.1

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A remote and local file inclusion vulnerability exists in BMC Remedy Mid Tier. This issue could potentially allow attackers to gain significant control over affected systems, leading to actions such as system fingerprinting, internal network scanning, or even remote code execution.

  • Flaw allows unauthorized access to system files.
  • Critical for understanding potential system compromise.
  • Confirm if this technology is in use.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable BMC Remedy Mid Tier instance. This could allow them to abuse file inclusion features to interact with the system in unintended ways. When successful, this could lead to sensitive information disclosure, unauthorized system access, or even remote code execution.

  • No authentication required.
  • Triggered via network requests.
  • Risks include RCE and SSRF.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could impact the confidentiality, integrity, and availability of the BMC Remedy Mid Tier system, potentially exposing sensitive system information, enabling unauthorized access, or disrupting service operations. These risks are present when the system is accessible over a network and not adequately secured.

  • System data and service behavior could be affected.
  • Exposure may occur through unauthenticated network requests.
  • Unauthorized access or service disruption is possible.

Operational Fix

Recommended remediation, mitigation, and detection steps

BMC Remedy Mid Tier, used for accessing BMC Remedy AR System, is likely managed by application owners or platform teams responsible for web-based services. The first step is to identify all instances of this technology, confirm their reachability and business criticality, and then locate the accountable owner to plan remediation based on risk.

  • Application or platform teams should own the issue.
  • Verify if Mid Tier is exposed externally.
  • Plan remediation based on exposure and criticality.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is BMC Remedy Mid Tier?

BMC Remedy Mid Tier is a web-based interface that provides users access to the BMC Remedy AR System. It serves as the front-end portal for enterprise service management tools, allowing employees or customers to interact with system data and workflows through standard web browsers and network protocols.

How does CVE-2017-17674 create a security weakness?

This CVE is categorized as CWE-918, which is Server-Side Request Forgery (SSRF). In simple terms, the software fails to properly restrict file inclusion requests. An attacker can manipulate these requests to force the application to interact with unintended local files or external network resources, which can lead to unauthorized actions like system fingerprinting or remote code execution.

What triggers this BMC Remedy Mid Tier vulnerability?

The flaw is triggered when an attacker sends specially crafted, unauthenticated network requests to the application. It is important to note that this vulnerability relates to how the system processes these requests; simple internal traffic that does not contain these malicious patterns will not trigger the bug.

Do I need to worry if my BMC Remedy instance is internal?

According to Halo Surface Signal, this software is often deployed as an internet-facing application, making it a standard web surface reachable over common protocols. While internet-facing instances are at higher risk, any environment where the system is reachable over a network—even internally—should be evaluated to ensure it is not accessible to unauthorized users.

What are the first steps to address this issue?

You should begin by performing a discovery to locate every instance of BMC Remedy Mid Tier within your network. Once you have an inventory, coordinate with the application owners to assess the reachability of each instance. From there, prioritize remediation plans based on the business criticality and network exposure of the identified systems.

References