Test ID:	1.3.6.1.4.1.25623.1.0.105932
Category:	Web application abuses
Title:	BMC Track-It! <= 11.3.0.355 Multiple Vulnerabilities
Summary:	BMC Track-It! is prone to multiple vulnerabilities.
Description:	Summary: BMC Track-It! is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2014-4872: BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke methods remotely and retrieve their result. - CVE-2014-4873: An authenticated user can engage in blind SQL Injection by entering comparison operators in the POST string for the /TrackItWeb/Grid/GetData page. - CVE-2014-4874: A remote authenticated user can download arbitrary files on the /TrackItWeb/Attachment page. Vulnerability Impact: Successful exploitation will allow remote attackers to perform SQL injections, arbitrary file upload/download and code execution. Affected Software/OS: BMC Track-It! version 11.3.0.355 and below. Solution: Hotfixes are available for CVE-2014-4873 and CVE-2014-4874. For CVE-2014-4872 there is currently no hotfix available. As a workaround block all traffic from untrusted networks to TCP/UDP ports 9010 to 9020. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4872 CERT/CC vulnerability note: VU#121036 http://www.kb.cert.org/vuls/id/121036 http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt Common Vulnerability Exposure (CVE) ID: CVE-2014-4873 BugTraq ID: 70268 http://www.securityfocus.com/bid/70268 Common Vulnerability Exposure (CVE) ID: CVE-2014-4874
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.