What is CVE-2014-4872?

CVE-2014-4872 is a vulnerability in Bmc Track-it\!, classified under Missing Authentication for Critical Function. Published 2014-10-10.

Is CVE-2014-4872 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Bmc Track-it\!

CVE-2014-4872

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting re…

Vulnerability class: Broken Authentication

EPSS: 0.822 (99.2th percentile) — read the EPSS interpretation.

Affected products

Bmc Track-it\! — versions 11.3.0.355
N/a — versions n/a

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

Public proof-of-concept exploits

References

cret@cert.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
VU#121036 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
cret@cert.org (Third Party Advisory, x_refsource_MISC, Broken Link)

Frequently asked questions

What is CVE-2014-4872?: CVE-2014-4872 is a vulnerability in Bmc Track-it\!, classified under Missing Authentication for Critical Function. Published 2014-10-10.
Is CVE-2014-4872 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.