Remote Code Execution Vulnerability in BMC Track-It! by BMC Software
CVE-2014-4872

Currently unrated

Key Information:

Vendor

Bmc

Status
Track-it\!
Vendor
CVE Published:
10 October 2014

What is CVE-2014-4872?

BMC Track-It! version 11.3.0.355 has a severe security flaw that allows remote attackers to exploit unsecured TCP port 9010. This vulnerability does not require authentication, enabling attackers to upload arbitrary files, execute malicious code, or access sensitive information related to credentials and configurations through .NET Remoting requests directed at the FileStorageService or ConfigurationService. Organizations using this software should promptly implement security measures to mitigate potential exploits.

References

http://packetstormsecurity.com/files/128594/BMC-Track-it-...
x_refsource_MISC
http://www.kb.cert.org/vuls/id/121036
third-party-advisoryx_refsource_CERT-VN
https://raw.githubusercontent.com/pedrib/PoC/master/gener...
x_refsource_MISC

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.