Track-it! Security Vulnerabilities and Issues — Track-it! CVE List

Lucene search

BmcTrack-it!

11 matches found

CVE•added 2022/02/18 8:15 p.m.•94 views

CVE-2022-24047

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentic...

9.8CVSS9.6AI score0.02349EPSS

CVE•added 2014/10/10 10:55 a.m.•54 views

CVE-2014-4872

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.

7.5CVSS9.5AI score0.82177EPSS

CVE•added 2018/01/30 8:29 p.m.•51 views

CVE-2016-6599

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the d...

9.8CVSS9.4AI score0.34433EPSS

CVE•added 2024/05/07 11:15 p.m.•51 views

CVE-2021-35002

BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of em...

8.8CVSS9.1AI score0.05421EPSS

CVE•added 2022/08/03 4:15 p.m.•51 views

CVE-2022-35865

This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentic...

9.8CVSS9.8AI score0.04846EPSS

CVE•added 2024/05/07 11:15 p.m.•49 views

CVE-2021-35001

BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the Ge...

6.5CVSS3.4AI score0.00357EPSS

CVE•added 2014/10/10 10:55 a.m.•46 views

CVE-2014-4874

BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.

4CVSS6.2AI score0.16055EPSS

CVE•added 2022/08/03 4:15 p.m.•44 views

CVE-2022-35864

This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of pr...

6.5CVSS6.5AI score0.00149EPSS

CVE•added 2014/12/12 11:59 a.m.•41 views

CVE-2014-8270

BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.

5CVSS8AI score0.62077EPSS

CVE•added 2014/10/10 10:55 a.m.•38 views

CVE-2014-4873

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.

6.5CVSS7.9AI score0.04918EPSS

CVE•added 2018/01/30 8:29 p.m.•32 views

CVE-2016-6598

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web...

10CVSS9.8AI score0.37972EPSS