SQL Injection Vulnerability in BMC Track-It! by BMC Software
CVE-2014-4873

Currently unrated

Key Information:

Vendor: Bmc
Status: Track-it\!
Vendor: CVE Published:; 10 October 2014

What is CVE-2014-4873?

A SQL injection vulnerability exists in the TrackItWeb/Grid/GetData component of BMC Track-It! 11.3.0.355. This flaw allows remote authenticated users to send specially crafted POST requests that execute arbitrary SQL commands on the backend database. Exploitation of this vulnerability can lead to unauthorized access to sensitive information, manipulation of data, or potentially complete compromise of the affected system.

References

http://packetstormsecurity.com/files/128594/BMC-Track-it-...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/121036

third-party-advisoryx_refsource_CERT-VN

http://www.securityfocus.com/bid/70268

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2014
Vulnerability Reserved
Jul 10, 2014

JSON

Bmc

What is CVE-2014-4873?

References

Timeline