CVE-2014-8270

BMC Track-it! - Access Control

Title source: rule

Description

BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.

Exploits (1)

metasploit WORKING POC

by bperry, jhart · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/bmc_trackit_passwd_reset.rb

View Code ZIP pw:eip

References (2)

[Broken Link, Vendor Advisory] http://support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-14-419/

Scores

EPSS 0.6570

EPSS Percentile 98.5%

Details

CWE

CWE-264

Status published

Products (1)

bmc/track-it\! 11.3

Published Dec 12, 2014

Tracked Since Feb 18, 2026