Vulnerabilities for Track-it! (...) - CXSECURITY.COM

Vulnerabilities for 'Track-it!'

2018-01-30

CVE-2016-6599

CWE-255

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.

CVE-2016-6598

CWE-284

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.

>>> Vendor: BMC 24 Products

Software control-m agent

Remedy action request system

Performance manager

Patrol perform agent

Capacity management essentials

Performance analysis for servers

Performance analyzer for servers

Performance assurance for servers

Performance assurance for virtual servers

Performance predictor for servers

Identity management suite

Service desk express

Bladelogic server automation console

Server automation

Footprints service core

Remedy action request system server

Remedy mid-tier

Remedy smart reporting

Myit digital workplace

Remedy ar system server

Copyright 2024, cxsecurity.com