First published: Fri Oct 10 2014(Updated: )
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
Credit: cret@cert.org cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Bmc Track-it\! | =11.3.0.355 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.