CVE-2014-4872
BMC Track-It! 11.3.0.355 - RCE
Title source: llmDescription
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/35032
metasploit
WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/trackit_sql_domain_creds.rb
metasploit
WORKING POC
EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/trackit_file_upload.rb
References (3)
Scores
EPSS
0.8218
EPSS Percentile
99.2%
Details
CWE
CWE-306
Status
published
Products (1)
bmc/track-it\!
11.3.0.355
Published
Oct 10, 2014
Tracked Since
Feb 18, 2026