What is CVE-2014-8270?

CVE-2014-8270 is a vulnerability in Bmc Track-it\!, classified under CWE-264. Published 2014-12-12.

Is CVE-2014-8270 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Bmc Track-it\!

CVE-2014-8270

BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.

EPSS: 0.657 (98.5th percentile) — read the EPSS interpretation.

Affected products

Bmc Track-it\! — versions 11.3
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cret@cert.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
cret@cert.org (x_refsource_CONFIRM, Broken Link, Vendor Advisory)

Frequently asked questions

What is CVE-2014-8270?: CVE-2014-8270 is a vulnerability in Bmc Track-it\!, classified under CWE-264. Published 2014-12-12.
Is CVE-2014-8270 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.