PT-2014-8443 · Bmc · Bmc Track-It!

Brandon Perry · Published 2014-12-09 · Updated 2023-08-02 · CVE-2014-8270

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

BMC Track-It! version 11.3

Description

The issue allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. This is related to a credential information disclosure vulnerability in the web account component.

Recommendations

For version 11.3, consider restricting access to the password reset functionality until a fix is available, and avoid creating accounts with names that match local system accounts to minimize the risk of exploitation.

Related Identifiers

CVE-2014-8270
ZDI-14-419

Affected Products

Bmc Track-It!