CVE-2014-4874

BMC Track-It! 11.3.0.355 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4874.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple vulnerabilities in BMC Track-It!, including unauthenticated .NET remoting services leading to credential disclosure and remote code execution, SQL injection, arbitrary file download, and hardcoded database credentials. The writeup includes specific technical details such as affected methods, encryption mechanisms, and exploit vectors.

Description

BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.

Exploits (1)

exploitdb WRITEUP
webapps · windows
https://www.exploit-db.com/exploits/34924

Classification: Writeup 100%
Attack Type: Info Leak | RCE | SQLi
Complexity: Moderate
Reliability: Reliable
Target: BMC Track-It! versions 8 to 11.3+
No auth needed
Prerequisites: Network access to port 9010 · Self-Service component enabled for credential disclosure
devstral-2 · analyzed Feb 19, 2026

References (3)

Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/121036

Scores

EPSS 0.0756
EPSS Percentile 93.7%

Details

CWE
CWE-200
Status published
Products (1)
bmc/track-it\! 11.3.0.355
Published Oct 10, 2014
Tracked Since Feb 18, 2026