Track It\!
Sign in to watchby BMC Software
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-4872 | 0.10 | — | 0.82 | Oct 10, 2014 | BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService. | ||
| CVE-2014-8270 | 0.08 | — | 0.66 | Dec 12, 2014 | BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. | ||
| CVE-2014-4874 | 0.04 | — | 0.16 | Oct 10, 2014 | BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. | ||
| CVE-2014-4873 | 0.03 | — | 0.05 | Oct 10, 2014 | SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data. |