7.5
CVSSv2

CVE-2014-4872

Published: 10/10/2014 Updated: 02/08/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote malicious users to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.

Vulnerable Product

bmc track-it! 11.3.0.355

Exploits

    ##
    # This module requires Metasploit: http://metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::EXE

      def initialize(info = {})
        super(update_info( ...

>> Multiple critical vulnerabilities in BMC Track-It!
>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security
The application exposes several .NET remoting services on port 9010. .NET remoting is a RMI technology similar to Java RMI ...

BMC Track-It! version 11.4 suffers from remote code execution and credential disclosure vulnerabilities ...

BMC Track-it! suffers from code execution, arbitrary file download, and remote SQL injection vulnerabilities ...

GitHub Repositories

This is a tool that decrypts Track-It passwords that are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm.

Track-It! Password Decrypter track-it_d