PT-2015-3359 · Bmc · Bmc Track-It!

Pedro Ribeiro

·

Published

2015-12-24

·

Updated

2018-02-26

·

CVE-2016-6598

CVSS v2.0

10

Critical

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

BMC Track-It! versions prior to 11.4 Hotfix 3

Description

The vulnerability is an improper access control in the Track-It! FileStorageService. The service is exposed over .NET remoting on TCP port 9010 and requires no authentication, so any remote client that can reach the port can write a file to an arbitrary path on the server. Writing a file into the web root gives a remote, unauthenticated attacker code execution as NETWORK SERVICE or SYSTEM.

Recommendations

Apply 11.4 Hotfix 3 (or a later release), which resolves the issue. Until the hotfix is installed, restrict access to TCP port 9010 with a host firewall or network ACL so that only hosts that legitimately use the FileStorageService can reach it; this is a mitigation, not a fix, and does not protect against a compromised host inside the allowed set.
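The following is an added example of the workaround above, written for this page and not taken from the advisory or from BMC. It uses the Windows Defender Firewall cmdlets (NetSecurity module, Windows Server 2012 and later) and is meant to be run in an elevated PowerShell session on the Track-It! server. The allowed subnet and rule name are placeholders: replace the subnet with the hosts that actually need to reach the FileStorageService.

```powershell
# Added example (not from the advisory or BMC): scope inbound TCP/9010, the
# Track-It! FileStorageService (.NET remoting) port, to an approved network with
# Windows Defender Firewall. Run in an elevated PowerShell on the Track-It! server.
$Port        = 9010
$AllowedNets = @('10.0.10.0/24')   # ASSUMPTION: placeholder for hosts that must reach the service
$RuleName    = 'Track-It! FileStorageService (TCP 9010) - restricted'   # ASSUMPTION: our own rule name

# 1. Is anything listening on the port, and which process owns it?
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
            Select-Object -First 1
if ($listener) {
    $proc = Get-Process -Id $listener.OwningProcess
    Write-Host ("TCP {0} is listening; owner PID {1} ({2})" -f $Port, $proc.Id, $proc.ProcessName)
} else {
    Write-Host "Nothing is listening on TCP $Port on this host; confirm this is the Track-It! server."
}

# 2. Disable enabled inbound Allow rules that open exactly TCP/9010 to any remote address.
#    Block rules always beat Allow rules in Windows Firewall, so "block everyone, then allow a
#    subnet" does not work; instead keep the profile default (Block) and add one scoped Allow rule.
#    Rules that open a port range containing 9010 are not matched here and must be reviewed by hand.
$broad = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }
foreach ($rule in $broad) {
    $addr = $rule | Get-NetFirewallAddressFilter
    if ($rule.DisplayName -ne $RuleName -and $addr.RemoteAddress -contains 'Any') {
        Write-Host "Disabling broad allow rule: $($rule.DisplayName)"
        Disable-NetFirewallRule -Name $rule.Name
    }
}

# 3. Make sure unsolicited inbound traffic is dropped by default on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 4. Create (or recreate) the single scoped Allow rule.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP -LocalPort $Port `
    -RemoteAddress $AllowedNets -Action Allow -Profile Any | Out-Null

# 5. Show the resulting scope. From a host outside $AllowedNets,
#    'Test-NetConnection <server> -Port 9010' should now report TcpTestSucceeded : False.
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

Verify from both sides after applying: a host in the allowed subnet should still connect to port 9010 and a host outside it should not. The rule does nothing about an attacker who already controls a machine inside the allowed subnet, so it should be treated as a stopgap until 11.4 Hotfix 3 is installed.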

Exploit

Fix

Improper Access Control


Weakness Enumeration

Related Identifiers

BDU:2018-00443
CVE-2016-6598

Affected Products

Bmc Track-It!