Information disclosure in Bmc Track-it\!

CVE-2014-4874

BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.

Vulnerability class: Information Disclosure

EPSS: 0.156 (94.8th percentile) — read the EPSS interpretation.

Affected products

Bmc Track-it\! — versions 11.3.0.355
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cret@cert.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
VU#121036 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
cret@cert.org (Third Party Advisory, x_refsource_MISC, Broken Link)