// For flags

CVE-2016-6599

BMC Track-It! 11.4 - Multiple Vulnerabilities

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.

BMC Track-It! en versiones 11.4 anteriores a Hotfix 3 expone un servicio de configuración en remoto .NET no autenticado (ConfigurationService) en el puerto 9010. El servicio contiene un método que puede ser empleado para recuperar un archivo de configuración que contiene el nombre de la base de datos de la aplicación, el nombre de usuario y las contraseñas, así como el nombre de usuario y la contraseña del administrador del dominio. Estos se cifran con una clave fija e IV ("NumaraIT") mediante el algoritmo DES. El nombre de usuario y contraseña del administrador del dominio solo pueden ser obtenidos si el componente Self-Service está habilitado, lo que es el escenario más común en la implementación en empresa.

BMC Track-It! version 11.4 suffers from remote code execution and credential disclosure vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-09-28 First Exploit
  • 2016-08-04 CVE Reserved
  • 2018-01-26 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-255: Credentials Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Bmc
Search vendor "Bmc"
 Track-it\!
Search vendor "Bmc" for product "Track-it\!"
 <= 11.4
Search vendor "Bmc" for product "Track-it\!" and version " <= 11.4"
-
Affected
Bmc
Search vendor "Bmc"
 Track-it\!
Search vendor "Bmc" for product "Track-it\!"
 11.4
Search vendor "Bmc" for product "Track-it\!" and version "11.4"
hf1
Affected
Bmc
Search vendor "Bmc"
 Track-it\!
Search vendor "Bmc" for product "Track-it\!"
 11.4
Search vendor "Bmc" for product "Track-it\!" and version "11.4"
hf2
Affected