Every CVE whose affected-product data names Bmc Track-it!, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2022-35865 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication…
CVE-2016-6598 — CVSS 9.8 (critical): BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This…
CVE-2016-6599 — CVSS 9.8 (critical): BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This…
CVE-2022-24047 — CVSS 9.8 (critical): This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication…
CVE-2014-4872 — CVSS 7.5 (high): BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute…
CVE-2022-35864 — CVSS 6.5 (medium): This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109…
CVE-2021-35001 — CVSS 6.5 (medium): BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose…
CVE-2014-4873 — CVSS 6.5 (medium): SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary…
CVE-2014-8270 — CVSS 5.0 (medium): BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of…
CVE-2014-4874 — CVSS 4.0 (medium): BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.