CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8270 – BMC Track-It! Web Account Credential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-8270
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. BMC Track-It! 11.3 permite a atacantes remotos ganar privilegios y ejecutar código arbitrario mediante la ceración de una cuenta cuya nombre coincide con él de una cuenta de sistema local, posteriormente realizando una recalibración de la contraseña. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BMC Track-It!. • http://support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654 http://www.zerodayinitiative.com/advisories/ZDI-14-419 https://www.zerodayinitiative.com/advisories/ZDI-14-419 • CWE-264: Permissions, Privileges, and Access Controls •