CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 4CVE-2016-6599 – BMC Track-It! 11.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-6599
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments. • https://www.exploit-db.com/exploits/43883 http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html http://seclists.org/fulldisclosure/2018/Jan/92 https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015 https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 4CVE-2016-6598 – BMC Track-It! 11.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-6598
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM. BMC Track-It! • https://www.exploit-db.com/exploits/43883 http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html http://seclists.org/fulldisclosure/2018/Jan/92 https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015 https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8270 – BMC Track-It! Web Account Credential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-8270
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. BMC Track-It! 11.3 permite a atacantes remotos ganar privilegios y ejecutar código arbitrario mediante la ceración de una cuenta cuya nombre coincide con él de una cuenta de sistema local, posteriormente realizando una recalibración de la contraseña. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BMC Track-It!. • http://support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654 http://www.zerodayinitiative.com/advisories/ZDI-14-419 https://www.zerodayinitiative.com/advisories/ZDI-14-419 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4874 – BMC Track-It! - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4874
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. BMC Track-It! 11.3.0.355 permite a usuarios remotos autenticados leer ficheros arbitrarios mediante la visita a la página TrackItWeb/Attachment. BMC Track-it! • https://www.exploit-db.com/exploits/34924 http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html http://www.kb.cert.org/vuls/id/121036 https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 95%CPEs: 1EXPL: 2CVE-2014-4872 – Numara / BMC Track-It! FileStorageService - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-4872
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService. BMC Track-It! 11.3.0.355 no requiere la autenticación en el puerto TCP 9010, lo que permite a atacantes remotos subir ficheros arbitrarios, ejecutar código arbitrario u obtener información sensible sobre credenciales y configuraciones a través de una solicitud .NET Remoting en (1) FileStorageService o (2) ConfigurationService. BMC Track-it! • https://www.exploit-db.com/exploits/35032 https://www.exploit-db.com/exploits/34924 http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html http://www.kb.cert.org/vuls/id/121036 https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt • CWE-306: Missing Authentication for Critical Function •