Track-It! 11.4 Hotfix 3 (18.104.22.1680) addresses two high-severity security vulnerabilities.
Track-It! 11.4 Security Vulnerability: unauthorized access through Track-It! Service components
The exploit published as CVE-2014-4872 was addressed in 11.4 Hotfix 02 (22.214.171.1245). A new exploit specific to 11.4 Hotfix 02 has since been reported. It can traverse to parent paths of the Track-It! server, upload a file, and execute code as the IIS user.
The exploit leverages the ConfigurationService and FileStorageService services: parent-path traversal allows a file to be uploaded anywhere in the Track-It! server's file system, and arbitrary code is then executed via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
More details on this vulnerability can be found in Track-It! knowledge base here:
- Identified Track-It! security vulnerability - Arbitrary File upload vulnerability
- Identified Track-It! security vulnerability - Execute any action without authentication (Unauthorized Access)
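The root cause of the upload half of this issue is a storage service that joins a client-supplied path onto its storage directory without first checking that the result still lies inside that directory. As an added illustration (this is not BMC's code and not the Hotfix 3 fix), the following Python shows the canonicalisation checks such a service needs before writing a client-supplied path. The storage root, the attacker inputs and the function names are constructed for this example.

```python
"""
Added illustration (not BMC code): rejecting parent-path traversal in a
file-storage upload handler before a client-supplied path reaches the
file system. The storage root, file names and helper names are
constructed for this example.
"""
import posixpath

STORAGE_ROOT = "/var/trackit/storage"  # constructed example root


class TraversalError(ValueError):
    """Raised when a client-supplied path would escape the storage root."""


def resolve_upload_path(root: str, client_path: str) -> str:
    """Return the absolute path for client_path inside root, or raise.

    Checks, in order:
    1. Reject NUL bytes, which truncate paths in native file APIs.
    2. Treat backslashes as separators: Windows/IIS accepts both, so a
       check that only looks for "../" is bypassed by "..\\".
    3. Reject absolute paths and drive-letter prefixes.
    4. Collapse '.' and '..' components lexically, then require that no
       leading '..' survives (normpath pushes any escape to the front).
    5. Re-check the joined result against root as a final guard.
    """
    if "\x00" in client_path:
        raise TraversalError("NUL byte in path")
    unified = client_path.replace("\\", "/")
    if unified.startswith("/"):
        raise TraversalError("absolute path not allowed")
    if len(unified) >= 2 and unified[1] == ":":
        raise TraversalError("drive letter not allowed")
    collapsed = posixpath.normpath(unified)
    if collapsed in (".", ".."):
        raise TraversalError("empty or parent path")
    if collapsed.split("/")[0] == "..":
        raise TraversalError("path escapes storage root")
    full = posixpath.join(root, collapsed)
    # Belt-and-braces: the joined path must share root as its common prefix.
    if posixpath.commonpath([root, full]) != root:
        raise TraversalError("path escapes storage root")
    return full


def is_safe(root: str, client_path: str) -> bool:
    """Boolean wrapper around resolve_upload_path for quick filtering."""
    try:
        resolve_upload_path(root, client_path)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate upload and several traversal attempts.
    samples = [
        "attachments/ticket-42/log.txt",
        "attachments/../notes.txt",
        "../../web.config",
        "..\\..\\inetpub\\wwwroot\\upload.aspx",
        "C:\\Windows\\Temp\\upload.txt",
        "attachments/../../escape.txt",
        "log\x00.txt",
    ]
    for sample in samples:
        verdict = "ALLOW" if is_safe(STORAGE_ROOT, sample) else "REJECT"
        print(f"{verdict:6} {sample!r}")
```

Note that a lexical check like this is only the first layer: the service must also run under an account that cannot write outside the storage directory, so that a bypass of the path check does not become code execution as the IIS user.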
We have reviewed and prioritized the issue as High (1). We strongly recommend applying the 11.4 Hotfix 3 cumulative patch.
These vulnerabilities are addressed in Track-It! 11.4 Hotfix 3 (126.96.36.1990).
These Track-It! product updates are available in the “Product Downloads” section on http://www.bmc.com/support.
Refer to the instructions on Electronic Product Download - BMC.com for details on how to obtain product, patch and documentation downloads.
Should you still wish to contact support regarding this issue, please reference TL1069845 and TL1069846.
This security vulnerability was found and reported by Pedro Ribeiro, working with Beyond Security's SecuriTeam Secure Disclosure program.