PT-2014-6182 · Bmc · Bmc Track-It!

Published: 2014-10-10 · Updated: 2023-08-02 · CVE-2014-4872

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
BMC Track-It! version 11.3.0.355

Description
BMC Track-It! accepts .NET Remoting requests on TCP port 9010 without requiring authentication. By sending a request to API endpoints such as "FileStorageService" or "ConfigurationService", a remote attacker can upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information.

Recommendations
For BMC Track-It! version 11.3.0.355, as a temporary workaround, restrict access to TCP port 9010 to minimize the risk of exploitation. Additionally, restrict access to the "FileStorageService" and "ConfigurationService" API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
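
One way to apply the port 9010 workaround on the Track-It! server with Windows Defender Firewall, as an added example that is not from the vendor or this advisory. The allowed subnet is a constructed placeholder and the helper name `Test-CoversPort` is hypothetical; run it from an elevated PowerShell session.

```powershell
# Added example. 9010 is the port named in the advisory; everything else is an assumption.
$Port          = 9010
$AllowedRemote = @('192.0.2.0/24')   # constructed placeholder: hosts that need the service

# Hypothetical helper: true when LocalPort entries ('9010', '9000-9100', ...) include $Port.
function Test-CoversPort($Entries, [int]$Port) {
    foreach ($e in $Entries) {
        if ($e -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($e -eq "$Port") { return $true }
    }
    return $false
}

# 1. Confirm the listener and which process owns it.
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Walk every enabled inbound allow rule and classify it.
foreach ($rule in (Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True)) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -notin 'TCP', 'Any') { continue }

    if (Test-CoversPort $pf.LocalPort $Port) {
        # Rule names the port (or a range holding it): narrow who may reach it.
        # A range rule is narrowed for every port in that range.
        $rule | Set-NetFirewallRule -RemoteAddress $AllowedRemote
        Write-Output "scoped: $($rule.DisplayName)"
    } elseif ($pf.LocalPort -contains 'Any') {
        # Program- or service-wide rule that also admits the port: review by hand.
        Write-Warning "also admits port ${Port}: $($rule.DisplayName)"
    }
}

# 3. Show the resulting remote scope of the rules that name the port.
foreach ($rule in (Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True)) {
    $ports = ($rule | Get-NetFirewallPortFilter).LocalPort
    if (Test-CoversPort $ports $Port) {
        $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        Write-Output "$($rule.DisplayName): $($scope -join ', ')"
    }
}
```

The script narrows existing allow rules instead of adding a block rule because Windows Defender Firewall gives block rules precedence over allow rules, so a blanket block on 9010 would also cut off the allowed subnet. Rules flagged by the warning are left unchanged, since rescoping them would affect every port they cover.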

Exploit

Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2014-4872

Affected Products: Bmc Track-It!