Vulnerabilites related to bmc - track-it\!
CVE-2021-35002 (GCVE-0-2021-35002)
Vulnerability from cvelistv5
Published
2024-05-07 22:54
Modified
2024-08-04 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-22-002/ | x_research-advisory | |
| https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bmc:track-it\\!:20.19.01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "track-it\\!",
"vendor": "bmc",
"versions": [
{
"lessThanOrEqual": "20.21.01",
"status": "affected",
"version": "20.19.01",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-35002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T19:21:31.574143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:34.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-22-002",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-002/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Track-It!",
"vendor": "BMC",
"versions": [
{
"status": "affected",
"version": "20.21.01.102"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.770-05:00",
"datePublic": "2022-01-06T07:20:45.306-06:00",
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:54.220Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-22-002",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-002/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
],
"source": {
"lang": "en",
"value": "Brandon Perry"
},
"title": "BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-35002",
"datePublished": "2024-05-07T22:54:54.220Z",
"dateReserved": "2021-06-17T19:27:05.669Z",
"dateUpdated": "2024-08-04T00:26:55.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24047 (GCVE-0-2022-24047)
Vulnerability from cvelistv5
Published
2022-02-18 19:51
Modified
2024-08-03 03:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-22-290/ | x_refsource_MISC | |
| https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-290/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Track-It!",
"vendor": "BMC",
"versions": [
{
"status": "affected",
"version": "20.21.01.102"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Markus Wulftange (@mwulftange)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T19:51:39",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-290/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-24047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Track-It!",
"version": {
"version_data": [
{
"version_value": "20.21.01.102"
}
]
}
}
]
},
"vendor_name": "BMC"
}
]
}
},
"credit": "Markus Wulftange (@mwulftange)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-290/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-290/"
},
{
"name": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It",
"refsource": "MISC",
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-24047",
"datePublished": "2022-02-18T19:51:40",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35865 (GCVE-0-2022-35865)
Vulnerability from cvelistv5
Published
2022-08-03 15:21
Modified
2024-08-03 09:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709.
References
| ▼ | URL | Tags |
|---|---|---|
| https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-968/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-968/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Track-It!",
"vendor": "BMC",
"versions": [
{
"status": "affected",
"version": "20.21.2.109"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Markus Wulftange (@mwulftange)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-03T15:21:53",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-968/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-35865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Track-It!",
"version": {
"version_data": [
{
"version_value": "20.21.2.109"
}
]
}
}
]
},
"vendor_name": "BMC"
}
]
}
},
"credit": "Markus Wulftange (@mwulftange)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2",
"refsource": "MISC",
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-968/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-968/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-35865",
"datePublished": "2022-08-03T15:21:53",
"dateReserved": "2022-07-14T00:00:00",
"dateUpdated": "2024-08-03T09:44:22.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35864 (GCVE-0-2022-35864)
Vulnerability from cvelistv5
Published
2022-08-03 15:21
Modified
2024-08-03 09:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-22-967/ | x_refsource_MISC | |
| https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-967/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Track-It!",
"vendor": "BMC",
"versions": [
{
"status": "affected",
"version": "20.21.02.109"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Y4er"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-03T15:21:39",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-967/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-35864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Track-It!",
"version": {
"version_data": [
{
"version_value": "20.21.02.109"
}
]
}
}
]
},
"vendor_name": "BMC"
}
]
}
},
"credit": "Y4er",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-967/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-967/"
},
{
"name": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2",
"refsource": "MISC",
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-35864",
"datePublished": "2022-08-03T15:21:39",
"dateReserved": "2022-07-14T00:00:00",
"dateUpdated": "2024-08-03T09:44:22.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8270 (GCVE-0-2014-8270)
Vulnerability from cvelistv5
Published
2014-12-12 11:00
Modified
2024-08-06 13:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-14-419/ | x_refsource_MISC | |
| http://support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-419/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.numarasoftware.com/support/articles.asp?how=%20AND%20\u0026mode=detail\u0026kcriteria=7508\u0026ID=7654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T03:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-419/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.numarasoftware.com/support/articles.asp?how=%20AND%20\u0026mode=detail\u0026kcriteria=7508\u0026ID=7654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-8270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-419/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-419/"
},
{
"name": "http://support.numarasoftware.com/support/articles.asp?how=%20AND%20\u0026mode=detail\u0026kcriteria=7508\u0026ID=7654",
"refsource": "CONFIRM",
"url": "http://support.numarasoftware.com/support/articles.asp?how=%20AND%20\u0026mode=detail\u0026kcriteria=7508\u0026ID=7654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-8270",
"datePublished": "2014-12-12T11:00:00",
"dateReserved": "2014-10-12T00:00:00",
"dateUpdated": "2024-08-06T13:10:51.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35001 (GCVE-0-2021-35001)
Vulnerability from cvelistv5
Published
2024-05-07 22:54
Modified
2024-08-04 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.
The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-22-001/ | x_research-advisory | |
| https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bmc:track-it\\!:20.21.01.102:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "track-it\\!",
"vendor": "bmc",
"versions": [
{
"status": "affected",
"version": "20.21.01.102"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-35001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:27:51.149823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:35.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-22-001",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-001/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Track-It!",
"vendor": "BMC",
"versions": [
{
"status": "affected",
"version": "20.21.01.102"
}
]
}
],
"dateAssigned": "2021-06-30T08:56:51.767-05:00",
"datePublic": "2022-01-06T07:20:36.842-06:00",
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:53.388Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-22-001",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-001/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
],
"source": {
"lang": "en",
"value": "Brandin Perry"
},
"title": "BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-35001",
"datePublished": "2024-05-07T22:54:53.388Z",
"dateReserved": "2021-06-17T19:27:05.669Z",
"dateUpdated": "2024-08-04T00:26:55.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4874 (GCVE-0-2014-4874)
Vulnerability from cvelistv5
Published
2014-10-10 10:00
Modified
2024-08-06 11:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/121036 | third-party-advisory, x_refsource_CERT-VN | |
| https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"name": "VU#121036",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-08T11:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"name": "VU#121036",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"name": "VU#121036",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4874",
"datePublished": "2014-10-10T10:00:00",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6599 (GCVE-0-2016-6599)
Vulnerability from cvelistv5
Published
2018-01-30 20:00
Modified
2024-08-06 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Jan/92 | mailing-list, x_refsource_FULLDISC | |
| https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt | x_refsource_MISC | |
| https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV (\"NumaraIT\") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-30T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV (\"NumaraIT\") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"name": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt",
"refsource": "MISC",
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"name": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015",
"refsource": "CONFIRM",
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"name": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6599",
"datePublished": "2018-01-30T20:00:00",
"dateReserved": "2016-08-04T00:00:00",
"dateUpdated": "2024-08-06T01:36:28.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4873 (GCVE-0-2014-4873)
Vulnerability from cvelistv5
Published
2014-10-10 10:00
Modified
2024-08-06 11:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/121036 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/70268 | vdb-entry, x_refsource_BID | |
| https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"name": "VU#121036",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"name": "70268",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70268"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-08T11:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"name": "VU#121036",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"name": "70268",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70268"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"name": "VU#121036",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"name": "70268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70268"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4873",
"datePublished": "2014-10-10T10:00:00",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4872 (GCVE-0-2014-4872)
Vulnerability from cvelistv5
Published
2014-10-10 10:00
Modified
2024-08-06 11:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/121036 | third-party-advisory, x_refsource_CERT-VN | |
| https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:37.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"name": "VU#121036",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-08T11:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"name": "VU#121036",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"name": "VU#121036",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4872",
"datePublished": "2014-10-10T10:00:00",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:37.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6598 (GCVE-0-2016-6598)
Vulnerability from cvelistv5
Published
2018-01-30 20:00
Modified
2024-08-06 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Jan/92 | mailing-list, x_refsource_FULLDISC | |
| https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt | x_refsource_MISC | |
| https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-30T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"name": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt",
"refsource": "MISC",
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"name": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015",
"refsource": "CONFIRM",
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"name": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6598",
"datePublished": "2018-01-30T20:00:00",
"dateReserved": "2016-08-04T00:00:00",
"dateUpdated": "2024-08-06T01:36:28.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-08-03 16:15
Modified
2024-11-21 07:11
Severity ?
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2 | Patch, Vendor Advisory | |
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-967/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-967/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | 20.19.03 | |
| bmc | track-it\! | 20.20.01 | |
| bmc | track-it\! | 20.20.02 | |
| bmc | track-it\! | 20.20.03 | |
| bmc | track-it\! | 20.21.01 | |
| bmc | track-it\! | 20.21.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.19.03:*:*:*:*:*:*:*",
"matchCriteriaId": "80B5F6EB-E001-4D1F-8428-99AF9DC3D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.01:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2C30FF-FF7C-4F8C-ACB8-A3BC3CFE1EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.02:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8B4BD9-9197-49C7-9E1D-EEA831E0CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.03:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA184EF-A951-4E16-B11B-EE7A6456D974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.21.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0E5F78-3CA7-4E92-B714-09E2FCC51DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.21.02:*:*:*:*:*:*:*",
"matchCriteriaId": "433AA79E-D04C-4128-A55D-1A695D3DEA09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n sensible en las instalaciones afectadas de BMC Track-It! versi\u00f3n 20.21.02.109. Es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta en el endpoint GetPopupSubQueryDetails. El problema resulta de la falta de comprobaci\u00f3n apropiada de una cadena suministrada por el usuario antes de usarla para construir consultas SQL. Un atacante puede aprovechar esta vulnerabilidad para divulgar las credenciales almacenadas, conllevando a un mayor compromiso. Era ZDI-CAN-16690"
}
],
"id": "CVE-2022-35864",
"lastModified": "2024-11-21T07:11:50.000",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-03T16:15:08.647",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-967/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-967/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-30 20:29
Modified
2024-11-21 02:56
Severity ?
Summary
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | * | |
| bmc | track-it\! | 11.4 | |
| bmc | track-it\! | 11.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27364D6B-C6B8-40EA-B1F4-849C2EB54962",
"versionEndIncluding": "11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:11.4:hf1:*:*:*:*:*:*",
"matchCriteriaId": "F28C98AB-61E2-4C92-BEAF-ECF12ACB6879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:11.4:hf2:*:*:*:*:*:*",
"matchCriteriaId": "63548FEB-797C-4033-90B9-5FFE602E011B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM."
},
{
"lang": "es",
"value": "BMC Track-It! en versiones 11.4 anteriores a Hotfix 3 expone un servicio de almacenamiento de archivos en remoto .NET no autenticado (FileStorageService) en el puerto 9010. Este servicio contiene un m\u00e9todo que permite la subida de un archivo a una ruta arbitraria en la m\u00e1quina que ejecuta Track-It!. Esto puede ser empleado para subir un archivo en el root web y lograr la ejecuci\u00f3n de c\u00f3digo como NETWORK SERVICE o SYSTEM."
}
],
"id": "CVE-2016-6598",
"lastModified": "2024-11-21T02:56:24.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-30T20:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Technical Description",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Technical Description",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-12 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654 | Broken Link, Vendor Advisory | |
| cret@cert.org | http://www.zerodayinitiative.com/advisories/ZDI-14-419/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-14-419/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | 11.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15256367-4248-4A39-B8BC-D10C4E6B8549",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset."
},
{
"lang": "es",
"value": "BMC Track-It! 11.3 permite a atacantes remotos ganar privilegios y ejecutar c\u00f3digo arbitrario mediante la ceraci\u00f3n de una cuenta cuya nombre coincide con \u00e9l de una cuenta de sistema local, posteriormente realizando una recalibraci\u00f3n de la contrase\u00f1a."
}
],
"id": "CVE-2014-8270",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-12T11:59:05.657",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://support.numarasoftware.com/support/articles.asp?how=%20AND%20\u0026mode=detail\u0026kcriteria=7508\u0026ID=7654"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-419/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://support.numarasoftware.com/support/articles.asp?how=%20AND%20\u0026mode=detail\u0026kcriteria=7508\u0026ID=7654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-419/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-10 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html | Third Party Advisory, VDB Entry | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/121036 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/121036 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt | Broken Link, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | 11.3.0.355 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:11.3.0.355:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1E260D-357B-4F49-B910-33178F0F29E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService."
},
{
"lang": "es",
"value": "BMC Track-It! 11.3.0.355 no requiere la autenticaci\u00f3n en el puerto TCP 9010, lo que permite a atacantes remotos subir ficheros arbitrarios, ejecutar c\u00f3digo arbitrario u obtener informaci\u00f3n sensible sobre credenciales y configuraciones a trav\u00e9s de una solicitud .NET Remoting en (1) FileStorageService o (2) ConfigurationService."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/306.html\"\u003eCWE-306: Missing Authentication for Critical Function\u003c/a\u003e",
"id": "CVE-2014-4872",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-10T10:55:07.523",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"source": "cret@cert.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-10 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/121036 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/70268 | Third Party Advisory, VDB Entry | |
| cret@cert.org | https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/121036 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70268 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt | Exploit |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | 11.3.0.355 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:11.3.0.355:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1E260D-357B-4F49-B910-33178F0F29E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en TrackItWeb/Grid/GetData en BMC Track-It! 11.3.0.355 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de datos POST manipulados."
}
],
"id": "CVE-2014-4873",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-10T10:55:07.570",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70268"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-30 20:29
Modified
2024-11-21 02:56
Severity ?
Summary
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | * | |
| bmc | track-it\! | 11.4 | |
| bmc | track-it\! | 11.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27364D6B-C6B8-40EA-B1F4-849C2EB54962",
"versionEndIncluding": "11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:11.4:hf1:*:*:*:*:*:*",
"matchCriteriaId": "F28C98AB-61E2-4C92-BEAF-ECF12ACB6879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:11.4:hf2:*:*:*:*:*:*",
"matchCriteriaId": "63548FEB-797C-4033-90B9-5FFE602E011B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV (\"NumaraIT\") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments."
},
{
"lang": "es",
"value": "BMC Track-It! en versiones 11.4 anteriores a Hotfix 3 expone un servicio de configuraci\u00f3n en remoto .NET no autenticado (ConfigurationService) en el puerto 9010. El servicio contiene un m\u00e9todo que puede ser empleado para recuperar un archivo de configuraci\u00f3n que contiene el nombre de la base de datos de la aplicaci\u00f3n, el nombre de usuario y las contrase\u00f1as, as\u00ed como el nombre de usuario y la contrase\u00f1a del administrador del dominio. Estos se cifran con una clave fija e IV (\"NumaraIT\") mediante el algoritmo DES. El nombre de usuario y contrase\u00f1a del administrador del dominio solo pueden ser obtenidos si el componente Self-Service est\u00e1 habilitado, lo que es el escenario m\u00e1s com\u00fan en la implementaci\u00f3n en empresa."
}
],
"id": "CVE-2016-6599",
"lastModified": "2024-11-21T02:56:24.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-30T20:29:00.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Technical Description",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Technical Description",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-07 23:15
Modified
2025-04-10 21:05
Severity ?
Summary
BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | 20.19.01 | |
| bmc | track-it\! | 20.19.02 | |
| bmc | track-it\! | 20.19.03 | |
| bmc | track-it\! | 20.20.01 | |
| bmc | track-it\! | 20.20.02 | |
| bmc | track-it\! | 20.20.03 | |
| bmc | track-it\! | 20.21.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.19.01:*:*:*:*:*:*:*",
"matchCriteriaId": "74E8F32E-A350-4EF5-ACD2-CF001101F474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.19.02:*:*:*:*:*:*:*",
"matchCriteriaId": "9F31ED78-C6B7-4BB4-AB79-F7AE38546BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.19.03:*:*:*:*:*:*:*",
"matchCriteriaId": "80B5F6EB-E001-4D1F-8428-99AF9DC3D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.01:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2C30FF-FF7C-4F8C-ACB8-A3BC3CFE1EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.02:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8B4BD9-9197-49C7-9E1D-EEA831E0CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.03:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA184EF-A951-4E16-B11B-EE7A6456D974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.21.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0E5F78-3CA7-4E92-B714-09E2FCC51DB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122."
},
{
"lang": "es",
"value": "\u00a1BMC Track-It! Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de carga de archivos sin restricciones. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de BMC Track-It!. Se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe en el procesamiento de archivos adjuntos de correo electr\u00f3nico. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede permitir la carga de archivos arbitrarios. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la cuenta de servicio. Era ZDI-CAN-14122."
}
],
"id": "CVE-2021-35002",
"lastModified": "2025-04-10T21:05:11.153",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-07T23:15:14.313",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-002/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-18 20:15
Modified
2024-11-21 06:49
Severity ?
Summary
This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It | Issue Tracking, Vendor Advisory | |
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-290/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-290/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | 20.21.01.102 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.21.01.102:*:*:*:*:*:*:*",
"matchCriteriaId": "F689E62E-E357-4A9B-8774-667A147A00F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a atacantes remotos omitir la autenticaci\u00f3n en las instalaciones afectadas de BMC Track-It! versi\u00f3n 20.21.01.102. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta en la autorizaci\u00f3n de peticiones HTTP. El problema resulta de una falta de autenticaci\u00f3n antes de permitir el acceso a la funcionalidad. Un atacante puede aprovechar esta vulnerabilidad para omitir la autenticaci\u00f3n en el sistema. Era ZDI-CAN-14618"
}
],
"id": "CVE-2022-24047",
"lastModified": "2024-11-21T06:49:43.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T20:15:17.693",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-290/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-290/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-10 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html | Third Party Advisory, VDB Entry | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/121036 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/121036 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt | Broken Link, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | 11.3.0.355 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:11.3.0.355:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1E260D-357B-4F49-B910-33178F0F29E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page."
},
{
"lang": "es",
"value": "BMC Track-It! 11.3.0.355 permite a usuarios remotos autenticados leer ficheros arbitrarios mediante la visita a la p\u00e1gina TrackItWeb/Attachment."
}
],
"id": "CVE-2014-4874",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-10T10:55:07.617",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"source": "cret@cert.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/121036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-03 16:15
Modified
2024-11-21 07:11
Severity ?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2 | Patch, Vendor Advisory | |
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-968/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-968/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | 20.19.03 | |
| bmc | track-it\! | 20.20.01 | |
| bmc | track-it\! | 20.20.02 | |
| bmc | track-it\! | 20.20.03 | |
| bmc | track-it\! | 20.21.01 | |
| bmc | track-it\! | 20.21.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.19.03:*:*:*:*:*:*:*",
"matchCriteriaId": "80B5F6EB-E001-4D1F-8428-99AF9DC3D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.01:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2C30FF-FF7C-4F8C-ACB8-A3BC3CFE1EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.02:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8B4BD9-9197-49C7-9E1D-EEA831E0CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.03:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA184EF-A951-4E16-B11B-EE7A6456D974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.21.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0E5F78-3CA7-4E92-B714-09E2FCC51DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.21.02:*:*:*:*:*:*:*",
"matchCriteriaId": "433AA79E-D04C-4128-A55D-1A695D3DEA09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de BMC Track-It! versi\u00f3n 20.21.2.109. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta en la autorizaci\u00f3n de las peticiones HTTP. El problema resulta de la falta de autenticaci\u00f3n antes de permitir el acceso a la funcionalidad. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la cuenta de servicio. Era ZDI-CAN-16709"
}
],
"id": "CVE-2022-35865",
"lastModified": "2024-11-21T07:11:50.133",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-03T16:15:08.710",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-968/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It-Version-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-968/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-07 23:15
Modified
2025-04-11 14:50
Severity ?
Summary
BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.
The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bmc | track-it\! | 20.19.01 | |
| bmc | track-it\! | 20.19.02 | |
| bmc | track-it\! | 20.19.03 | |
| bmc | track-it\! | 20.20.01 | |
| bmc | track-it\! | 20.20.02 | |
| bmc | track-it\! | 20.20.03 | |
| bmc | track-it\! | 20.21.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.19.01:*:*:*:*:*:*:*",
"matchCriteriaId": "74E8F32E-A350-4EF5-ACD2-CF001101F474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.19.02:*:*:*:*:*:*:*",
"matchCriteriaId": "9F31ED78-C6B7-4BB4-AB79-F7AE38546BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.19.03:*:*:*:*:*:*:*",
"matchCriteriaId": "80B5F6EB-E001-4D1F-8428-99AF9DC3D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.01:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2C30FF-FF7C-4F8C-ACB8-A3BC3CFE1EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.02:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8B4BD9-9197-49C7-9E1D-EEA831E0CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.20.03:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA184EF-A951-4E16-B11B-EE7A6456D974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bmc:track-it\\!:20.21.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0E5F78-3CA7-4E92-B714-09E2FCC51DB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527."
},
{
"lang": "es",
"value": "\u00a1BMC Track-It! Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de autorizaci\u00f3n faltante de GetData. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de BMC Track-It!. Se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del endpoint GetData. El problema se debe a la falta de autorizaci\u00f3n antes de permitir el acceso a la funcionalidad. Un atacante puede aprovechar esta vulnerabilidad para revelar las credenciales almacenadas, lo que provocar\u00eda un mayor compromiso. Era ZDI-CAN-14527."
}
],
"id": "CVE-2021-35001",
"lastModified": "2025-04-11T14:50:03.303",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-07T23:15:14.120",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-001/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}