CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 4CVE-2016-6598 – BMC Track-It! 11.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-6598
26 Jan 2018 — BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM. BMC Track-It! • https://www.exploit-db.com/exploits/43883 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 4CVE-2016-6599 – BMC Track-It! 11.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-6599
26 Jan 2018 — BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service ... • https://www.exploit-db.com/exploits/43883 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 13%CPEs: 1EXPL: 0CVE-2014-8270 – BMC Track-It! Web Account Credential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-8270
09 Dec 2014 — BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. BMC Track-It! 11.3 permite a atacantes remotos ganar privilegios y ejecutar código arbitrario mediante la ceración de una cuenta cuya nombre coincide con él de una cuenta de sistema local, posteriormente realizando una recalibración de la contraseña. This vulnerability allows remote attackers to execute arbitrary ... • http://support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2014-4873 – BMC Track-It! - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4873
08 Oct 2014 — SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data. Vulnerabilidad de inyección SQL en TrackItWeb/Grid/GetData en BMC Track-It! 11.3.0.355 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de datos POST manipulados. BMC Track-it! • https://www.exploit-db.com/exploits/34924 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4874 – BMC Track-It! - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4874
08 Oct 2014 — BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. BMC Track-It! 11.3.0.355 permite a usuarios remotos autenticados leer ficheros arbitrarios mediante la visita a la página TrackItWeb/Attachment. BMC Track-it! • https://www.exploit-db.com/exploits/34924 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 87%CPEs: 1EXPL: 2CVE-2014-4872 – Numara / BMC Track-It! FileStorageService - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-4872
08 Oct 2014 — BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService. BMC Track-It! 11.3.0.355 no requiere la autenticación en el puerto TCP 9010, lo que permite a atacantes remotos subir ficheros arbitrarios, ejecutar código arbitrario u obtener información sensible sobre credenci... • https://www.exploit-db.com/exploits/35032 • CWE-306: Missing Authentication for Critical Function •