Computer Security


BMC Track-It multiple security vulnerabilities
Published: 14.10.2014
Source:
SecurityVulns ID: 14007
Type: remote
Threat Level: 5/10
Description: Code execution, information leakage, SQL injection.
Affected: BMC: Track-It! 11.3
CVE: CVE-2014-4874 (BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.)
 CVE-2014-4873 (SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.)
 CVE-2014-4872 (BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.)
Original document: Pedro Ribeiro, [CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It! (14.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod