BMC Track-It! Information Leakage Vulnerability (CVE-2014-8270)
Release date:
Updated on:
Affected Systems:
BMC Track-It! 11.3
Description:
Bugtraq id: 71626
CVE (CAN) ID: CVE-2014-8270
BMC Track-It! Is an integrated IT help desktop and asset management solution.
BMC Track-It! Version 11.3 has a security vulnerability during password resetting. Remote attackers can exploit this vulnerability to obtain elevated permissions and execute arbitrary code by creating accounts that match the name of the local system account.
<* Source: Brandon Perry
Link: http://www.zerodayinitiative.com/advisories/ZDI-14-419/
*>
Suggestion:
Vendor patch:
BMC
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.numarasoftware.com/support/view_article.asp? ArticleID = 7654
This article permanently updates the link address: