Lucene search

PRIOn knowledge basePRION:CVE-2014-4872

HistoryOct 10, 2014 - 10:55 a.m.

Design/Logic Flaw

2014-10-1010:55:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.4%

JSON

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.

CPENameOperatorVersion
track-it\\!eq11.3.0.355

CPE	Name	Operator	Version
	track-it\\!	eq	11.3.0.355

References

packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html

www.kb.cert.org/vuls/id/121036

raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.4%

JSON

Related for PRION:CVE-2014-4872