BMC : Security Vulnerabilities, CVEs, Published In 2014
CVE-2014-8270
Public exploit
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.
Max CVSS
5.0
EPSS Score
2.08%
Published
2014-12-12
Updated
2023-08-02
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
Max CVSS
4.0
EPSS Score
0.12%
Published
2014-10-10
Updated
2023-08-02
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
Max CVSS
6.5
EPSS Score
0.32%
Published
2014-10-10
Updated
2023-08-02
CVE-2014-4872
Public exploit
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
Max CVSS
7.5
EPSS Score
95.93%
Published
2014-10-10
Updated
2023-08-02
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.
Max CVSS
6.9
EPSS Score
0.07%
Published
2014-05-14
Updated
2014-06-24
5 vulnerabilities found