Lucene search

[email protected]CVE-2014-8270

HistoryDec 12, 2014 - 11:59 a.m.

CVE-2014-8270

2014-12-1211:59:05

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-8270

bmc track-it!

privilege escalation

arbitrary code execution

password reset

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8 High

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.2%

JSON

BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.

Affected configurations

NVD

Node

bmctrack-it\!Match11.3

CPENameOperatorVersion
bmc:track-it\!bmc track-it!eq11.3

CPE	Name	Operator	Version
bmc:track-it\!	bmc track-it!	eq	11.3

References

support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654

www.zerodayinitiative.com/advisories/ZDI-14-419/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8 High

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for CVE-2014-8270

cvelist1 nvd1 zdi1 prion1