
CVE-2014-4873 – BMC Track-It! - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4873
08 Oct 2014 — SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data. BMC Track-it! • https://packetstorm.news/files/id/128594 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-4874 – BMC Track-It! - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4874
08 Oct 2014 — BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. BMC Track-it! • https://packetstorm.news/files/id/128594 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-4872 – BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure
https://notcve.org/view.php?id=CVE-2014-4872
08 Oct 2014 — BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService. • https://packetstorm.news/files/id/180691 • CWE-306: Missing Authentication for Critical Function