VDB
CVE-2014-4872
CVE-2014-4872
PUBLISHED
CVSS 7.5 HIGH
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
EPSS 82.18% · 99.2th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
82.18%
99.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| bmc | track-it\! | 11.3.0.355 |
Timeline
- Oct 9, 2014 PoC Published
- Oct 10, 2014 CVE Published
- Oct 21, 2014 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score