Track-It! 11.4 Hotfix 3 ( addresses two high-severity security vulnerabilities.

Track-It! 11.4 Security Vulnerability: unauthorized access through Track-It! Service components

The exploit published in CVE-2014-4872 was addressed in 11.4 Hotfix 02 ( A new exploit specific to 11.4 Hotfix 02 was recently reported. This new exploit can traverse to parent paths on the Track-It! server, upload a file and execute code under the IIS user.

The exploit leverages the ConfigurationService and FileStorageService services, which allow an attacker to upload a file anywhere in the Track-It! server’s file system by means of parent path traversal and to execute arbitrary code via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
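
As a defensive illustration of the parent path traversal described above, the following added example (not Track-It! or BMC code; the class, method, directory and file names are hypothetical) shows a storage-root containment check in C# that a file-storage service can apply to a client-supplied file name before writing it.

```csharp
using System;
using System.IO;

// Added illustration: hypothetical helper, not Track-It! or BMC code.
public static class StorageRootGuard
{
    // Map a client-supplied relative name to a path under storageRoot,
    // or throw if the resolved path leaves that directory.
    public static string ResolveInsideRoot(string storageRoot, string clientName)
    {
        if (string.IsNullOrWhiteSpace(clientName))
            throw new ArgumentException("Empty file name.", nameof(clientName));

        // Canonical root with a trailing separator, so that "store" does not
        // prefix-match a sibling directory such as "store-old".
        string root = Path.GetFullPath(storageRoot);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // Path.Combine returns clientName alone when it is rooted, and
        // GetFullPath collapses ".." segments; check the result, not the input.
        string candidate = Path.GetFullPath(Path.Combine(root, clientName));

        StringComparison cmp = Path.DirectorySeparatorChar == '\\'
            ? StringComparison.OrdinalIgnoreCase   // Windows file names ignore case
            : StringComparison.Ordinal;
        if (!candidate.StartsWith(root, cmp))
            throw new UnauthorizedAccessException("Rejected, outside storage root: " + clientName);
        return candidate;
    }

    public static void Main()
    {
        // Constructed sample inputs; the root directory is a placeholder.
        string root = Path.Combine(Path.GetTempPath(), "storage-demo");
        string[] names = {
            "attachments/ticket-1.txt",                     // stays inside
            "../outside.txt",                               // parent traversal
            "attachments/../../outside.txt",                // traversal after a valid prefix
            Path.Combine(Path.GetTempPath(), "rooted.txt")  // absolute path
        };
        foreach (string name in names)
        {
            try { Console.WriteLine("OK      " + ResolveInsideRoot(root, name)); }
            catch (UnauthorizedAccessException e) { Console.WriteLine("DENIED  " + e.Message); }
        }
    }
}
```

The check resolves paths lexically, so symbolic links or junctions that already exist inside the storage root need separate handling.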


More details on this vulnerability can be found in Track-It! knowledge base here:

We have reviewed and prioritized the issue as High (1). We highly recommend that you apply the 11.4 Hotfix 3 cumulative patch.


These vulnerabilities are addressed in Track-It! 11.4 Hotfix 3 (

These Track-It! product updates are available in the “Product Downloads” section on

Download Instructions:

Please refer to the instructions on Electronic Product Download - to learn more about how to get your product, patches and documentation downloads.

Should you still wish to contact support regarding this issue, please reference TL1069845 & TL1069846

This security vulnerability was found and reported by “Pedro Ribeiro working with Beyond Security's SecuriTeam Secure Disclosure program”.