CVE-2016-6598

CRITICAL

BMC Track-It! <11.4 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-6598.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple critical vulnerabilities in BMC Track-It! 11.4, including unauthenticated .NET remoting services leading to remote code execution and credential disclosure. The advisory explains the root cause, attack vectors, and lack of authentication in the encryption key exchange process.

Description

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.

Exploits (1)

exploitdb WRITEUP
webapps · windows
https://www.exploit-db.com/exploits/43883

Classification: Writeup 100%
Attack Type: RCE | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: BMC Track-It! 11.4
No auth needed
Prerequisites: Network access to port 9010 · Track-It! 11.4 with .NET remoting services exposed
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Exploit, Mailing List, Technical Description, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jan/92

Scores

CVSS v3 9.8
EPSS 0.1958
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-284
Status: published
Products (2)
bmc/track-it\! 11.4 hf1 (2 CPE variants)
bmc/track-it\! < 11.4
Published Jan 30, 2018
Tracked Since Feb 18, 2026